9th ACM CCS International Workshop on 
Managing Insider Security Threats
(In Conjunction with ACM CCS 2017)

Dallas, USA
Oct. 30 – Nov. 3, 2017

[CFP][Overview][Topics][Workshop Organization][Important Dates]
[Program][Registration][Author Instruction][Proceedings][Previous MISTs][Contact]


## News

- MIST 2017 website now opens.

## Overview

During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report1), information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders2), but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the workshop will be a trigger for further research and technology improvements related to this important subject.



## Topics (not limited to)

- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security and cryptography technologies to prevent, detect and predict insider threats
- Cryptographic protocols against insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit)
- Continuous auditing
- Corporate ethics, accountability and integrity



## Workshop Organization

General Co-Chairs

- Ilsun You (Soonchunhyang University, South Korea)
- Elisa Bertino (Purdue University, USA)

Program Committee

- Ioannis Agrafiotis (Oxford University, UK)
- Joonsang Baek (Khalifa University of Science, Technology and Research, UAE)
- William Casey (Software Engineering Institute - Carnegie Mellon University, USA)
- William R. Claycomb (Carnegie Mellon University, USA)
- Ing-Ray Chen (Virginia Tech, USA)
- Raymond Choo (The University of Texas at San Antonio, USA)
- Steven Furnell (University of Plymouth, UK)
- Florian Kammuelle (Middlesex University, UK)
- Fang-Yie Leu (Tunghai University, Taiwan)
- Jason Nurse (Oxford University, UK)
- MAJ Michael Petullo (United States Military Academy, West Point, USA)
- Christian W. Probst (Technical University of Denmark, Denmark)
- Kyung-Hyune Rhee (Pukyong National University, South Korea)
- Fei Song (Beijing Jiaotong University, China)
- Hassan Takabi (University of North Texas, USA)
- Danfeng (Daphne) Yao (Virginia Tech, USA)
- Jeong Hyun Yi (Soongsil University, South Korea)
- Meng Yu (The University of Texas at San Antonio, USA)
- Quanyan Zhu (New York University, USA)

[Additional members still being invited]



## Important Dates

- Paper submission deadline: August 4, 2017, 23:59 (UTC–11)
- Acceptance notification: September 4, 2017
- Camera-ready due: September 17, 2017 (hard deadline)



## Author Instruction

Authors are invited to submit original papers:
they must not substantially duplicate work that any of the authors have published elsewhere
or have submitted in parallel to any other conferences that have proceedings.

The submission of contributions to MIST 2017 must occur through
the workshop submission system: TBD

Submissions must be at most 12 pages in double-column ACM format
(https://www.acm.org/sigs/publications/proceedings-templates) including the bibliography and well-marked appendices. MIST 2017 also welcomes short submissions of up to 4 pages including the bibliography and well-marked appendices. Submissions must be anonymized and avoid obvious self-references. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits.

Each accepted paper must be presented by an author, who will have to be registered
by the early-bird registration deadline.



## Registration




## Proceedings

Proceedings of MIST 2017 will be available (on a USB jump drive) to the workshop attendees.
MIST 2017 will also have on-line proceedings through ACM Digital Library, with a separate ISBN.



## Previous MISTs

- MIST 2016 - October 28, 2016, Hofburg Palace, Vienna, Austria (with ACM CCS 2016)
- MIST 2015 - October 16, 2015, The Denver Marriot City Center, Denver, Colorado, USA (with ACM CCS 2015)
- MIST 2014 - November 21-22, 2014, Konkuk University, Seoul, Rep. of Korea
- MIST 2013 - October 24-25, 2013, Pukyong National University, Busan, Rep. of Korea
- MIST 2012 - November 8-9, 2012, Nishijin Plaza, Kyushu University, Fukuoka, Japan
- MIST 2011 - December 1-2, 2011, Fukuoka Institute of Technology, Fukuoka, Japan (with InCos 2011)
- MIST 2010 - June 15, 2010, Morioka, Iwate, Japan (with IFIPTM 2010)
- MIST 2009 - June 16, 2009, Purdue University, West Lafayette, USA (with IFIPTM 2009)



## Contact

For further information regarding the workshop and paper submission, please contact MIST 2017 organizer at ilsunu@gmail.com


 Jay Heiser. "Understanding Data Leakage", Gartner Research Report, August 2007
2) George Fyffe. "Addressing the insider Threat", Network Security, March 2008