Electronic Markets - The International Journal on Networked Business

c/o Information Systems Institute
University of Leipzig
Grimmaische Str. 12
04109 Leipzig, Germany
Phone +49 341 9733600
Fax +49 341 9733612

Send e-Mail to the editors

 

CfP for Special Issue on "Security and Privacy in Business Networking"

Guest Editors:
 

  • Noboru Sonehara, National Institute of Informatics, Japan
  • Hubert Österle, University of St. Gallen, Switzerland
  • Stefan Sackmann, University of Halle-Wittenberg, Germany
  • A Min Tjoa, Vienna University of Technology, Austria
     

Theme

The technological development of web services, middleware for distributed computing, or smart objects enables on-demand, inter-organizational orchestration of ICT services for companies. Such ICT services, e.g. those providing basic computing and storage resources, offer a sound basis both for flexible business processes and for fast adaptation to changes in business networks as well as in the physical environment. Thus, business networks gain more flexibility at decreasing costs.

However, substituting ICT services for “traditional” ICT infrastructure means shipping data to the code. On the one hand, the disclosure (and aggregation) of data is a fundamental principle that makes all the new ICT services possible. On the other hand, the disclosure of digital content bears risks for business process and data owners, since the content might be, at least partly, confidential or personal data. Thus, leveraging ICT services is inherently connected with the risk of violating the main protection goals of IT security: confidentiality, integrity, and availability. Without adequate methods and tools for managing this risk to business networks, the enormous potential of ICT services is in danger of remaining unexploited.

Even though security policies make it possible to describe responsibilities and rules for the execution of ICT services and the processing of disclosed data, at least two open issues remain:
- Ad (a) Controllability: Legal regulations, e.g. SOX, HIPAA, and data protection acts, define minimal security principles for business processes and the processing of confidential data. Business process owners and data owners can provide security by traditional mechanisms, e.g. firewalls and identity management, as long as processes and data are processed within their security domain. However, when external ICT services are used, the enforcement of security and compliance rules regarding external processing of data and execution of processes can no longer be controlled. Companies and customers have to trust that external service providers follow the rules, which means risks to the security of the business processes and to the privacy of data.
- Ad (b) Threats by unexpected, even if not unknown, interferences: Technical failure, crime, terrorism, or natural disasters threaten the correctness and availability of ICT services. When such a threat becomes reality, ICT should still provide its services. A main approach to sustaining required services is the flexible adaptation of the underlying parts of the ICT infrastructure that are still available. Such flexibility presupposes the integration of several separate security domains. While service-oriented computing facilitates spontaneous replacement of affected services, such a spontaneous replacement implies granting access to data and functions to an “outsider” and thereby making him or her an “insider”. Hence, such flexibility opens up an enormous potential for misuse, posing enormous challenges for providing security and protecting privacy.

Topics
This special issue calls for original papers on methodologies, technologies, and best practices for solving problems of security and privacy in on-demand, inter-organizational ICT usage for business processes. Contributions from research and business practice on the following and related topics are invited:

Economics, methodologies, and best practices

  • Business Continuity Plan and Business Continuity Management
    Business Resilience
  • Critical Information Infrastructure Protection
  • Dependability and Security
  • Economics of Control
  • Inter-organizational Risk Assessment and Management

Control mechanisms and technologies

  • Anonymity and Encryption Techniques
  • Inter-organizational Policy Enforcement
  • Distributed Policy Management
  • Detection and Identification of Anomalies in Service-Oriented Computing
  • Relaxed Access Control Policies and Systems
  • Resilience Networking
  • Usage Control Mechanisms

Submissions for additional but related topics are welcome. Electronic Markets is a methodologically pluralistic journal. Quantitative and qualitative research methods are both welcome, as long as the studies are methodologically sound. Conceptual and theory-development papers, empirical hypothesis testing, and case-based studies are all welcome. All papers will be peer reviewed and should conform to Electronic Markets publication standards.

Submission

Submission of a manuscript implies that the work described has not been published before; that it is not under consideration for publication anywhere else; and that its publication has been approved by all co-authors, if any, as well as by the responsible authorities, tacitly or explicitly, at the institute where the work has been carried out. The publisher will not be held legally responsible should there be any claims for compensation. A submission must be in English and should consist of approximately 5,000 words (at least 3,500 and at most 6,000). The template is available at http://www.eletronicmarkets.org. Articles must be submitted via the electronic submission system at http://elma.edmgr.com.
 

If you would like to discuss any aspect of the special theme, please contact the guest editors for the special issue.


 

Contact addresses


 

Important deadline

  • Submission Deadline: June 30, 2012