The theme of this conference is timely given the global demand for a cybersecurity workforce of sufficient scope and capability to meet ever-growing cybersecurity threats.

The 2013 (ISC) Global Information Security Workforce Study revealed that even with double-digit growth in recent years, and significant investments in the development of the cybersecurity workforce from national governments and other stakeholders across the globe, the demand for cybersecurity professionals still significantly outpaces the supply. Security professionals are critical to the successful implementation of strategic cybersecurity initiatives, technical cybersecurity products, and security awareness programs. Accordingly, the vitality of the cybersecurity workforce, and the vulnerability to our networked infrastructure and data stores posed by a shortage of qualified professionals, is an urgent priority facing the global economy. The National Association of State Chief Information Officers (NASCIO) in the United States ranked security as the number one strategic management priority in 2014. This concern is shared by individuals, organizations, and national state governments alike. The increasingly complex global environment in which cybersecurity professionals must operate includes rapid advancements in technology artifacts (e.g., mobile devices) and evolving infrastructures (e.g., cloud computing, social media) that support changes in user behavior.

As the (ISC) report indicates, these professionals must manage a dynamic set of risks while defending networked assets from attack by hackers, insider threats, and unknown adversaries. Often, managing risks means balancing security and privacy concerns. The recent revelations by Edward Snowden, an IT contractor working for the United States National Security Agency, highlight this tension between security and privacy. Important questions for “computers and people” researchers (CPR) include: how are cybersecurity professionals managing this tension? are they adequately prepared to do so? are future members of the cybersecurity workforce being adequately prepared to take on the privacy and security challenges of tomorrow? Answers to these questions are being considered through efforts such as the 2013 United States National Research Council investigation of professionalization in building the cybersecurity workforce. It seeks to shed light on which professionalization activities (e.g., certification, licensure, codes of ethics, continuing education requirements) might positively impact our ability to create a workforce capable of addressing the emerging threat. We believe that the “CPR” research community can also provide answers.

In addition to the cyber security topics listed hereunder, authors are invited to submit work on topics related to Computers and People traditionally presented at ACM SIGMIS CPR.
List of Relevant Topics

ACM SIGMIS CPR 2015 welcomes research and practice submissions that address issues congruent with the conference theme and traditional topics related to Security, Privacy and Cyber Security workforce. These topics include, but are not limited to:

    Cyber security professionals (attraction, retention and development);
    Recruitment and retention in IT and IT security related majors;
    Workplace security policies: compliance implications for managers and employees;
    Managers’ beliefs and attitudes toward information privacy and security,
    IT personnel perspectives on IT and information security and privacy,
    Financial factors and Returns on investment in IT security personnel,
    Making a business case for organizational investment in IT security personnel,
    Staffing models for IT security personnel;
    Role of IT personnel in organizational response to data security breaches;
    Employee monitoring, surveillance and privacy;
    Information security technologies, operations, controls and human behavioral controls;
    Implications of privacy, security and confidentiality laws and regulations on IT professionals;
    The role of IT personnel in workplace monitoring and surveillance;
    Education and preparation programs for Cybersecurity IT professionals;
    Personnel implications of cyber warfare, cyber-crimes, and cyber terrorism;
    Knowledge, skills, and abilities required to become an IT security professional in the coming decade;
    Challenges of maintenance and securing of electronic records in the workplace;
    IT security personnel work satisfaction and turnover in the workplace;
    The impact of social media and open culture on confidentiality, privacy and security;
    Diversity in cyber security workforce
    Professionalization of the cyber security workforce

Proceedings

Accepted papers will be published by ACM in the refereed conference proceedings which will be distributed at the conference. Full papers will be published in their entirety. Extended abstracts will be published for panel discussions and research-in-progress papers. All presented papers will be considered for the Magid Igbaria Outstanding Conference Paper of the Year Award. The Magid Igbaria Outstanding Conference Paper and other exemplar papers will be invited for publication in the DATA BASE for Advances in Information Systems – the quarterly journal publication of ACM SIGMIS.

Proceedings of all previous CPR conferences are available in the ACM Digital Library at http://portal.acm.org/dl.cfm.