IFIP WG8.11/WG11.13

Information Systems Security Research


The aim of the working group is the creation, dissemination, and preservation of well-formed research about information systems security. While relevant for advanced practical development, our primary audience consists of researchers in this area. We value research products with highly reliable and validated theory, empirical data, or quantitative/qualitative social scientific methodology. The group's activities will be workshop-based, and intended to nurture individual journal articles for submission to a wide variety of journals. Our workshops will produce notebooks that consist of formative working papers. We mainly target final publication venues in the management research journal communication system.


Anchoring to information systems means our research will attend and extend the social, organizational, and managerial literature in this area. While we assume an effective foundation in information security technology, we regard information systems risks broadly, for example crime, employee misconduct, warfare, terrorism, error, accident, natural events, etc. We also address information systems security broadly, for example, privacy, awareness, policies, strategy, audit, planning and control.

Dewald Roode Workshop

The IFIP Working Group 8.11/11.13 holds the Dewald Roode Information Security Workshop annually. Click here for the 2019 call for papers and conference page at Louisiana Tech University in Bossier City, Louisiana, USA. The submission deadline is June 1, 2019.

Conferences proceedings for 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, and 2018 are available for download.


Chair: Allen Johnston, University of Alabama, US
Vice Chair: Manish Agrawal, University of South Florida, US

Editor: Anthony Vance, Temple University, US
Secretary: Tejaswini ("Teju") Herath, Brock University, CA

IFIP 8.11/11.13 Papers Subsequently Published in Refereed Journals

D'Arcy, J. and Teh, P.-L. Forthcoming. "Predicting Employee Information Security Policy Compliance on a Daily Basis: The Interplay of Security-Related Stress, Emotions, and Neutralization," Information & Management.

Johnston, Allen C., Warkentin, M., Siponen, M., and Dennis, A. Forthcoming. "Speak their Language: Designing Effective Messages to Improve Employees' Information Security Decision Making," Decision Sciences.

Barlow, Jordan B., Merrill Warkentin, Dustin Ormond, and Alan R. Dennis. 2018. "Don't even think about it! The effects of anti-neutralization, informational, and normative communication on information security compliance," Journal of the Association for Information Systems, 19 (8), pp. 689-715.

Hua, J., Chen, Y., and Luo, X. R. 2018. "Are We Ready for Cyberterrorist Attacks?--Examining the Role of Individual Resilience." Information & Management, 55 (7), pp. 928-938.

Vance, A., Jenkins, J., Anderson, B., Bjornn, D., Kirwan, B. 2018. "Tuning Out Security Warnings: A Longitudinal Examination of Habituation through fMRI, Eye Tracking, and Field Experiments," MIS Quarterly, 42 (2), pp. 355-380.

Otondo, Robert F., Robert E. Crossler, and Merrill Warkentin. 2018. "Ranking Factors by Importance in Factorial Survey Analysis," Communications of the AIS, 42 (1), 8, pp. 183-232.

Willison, Robert, Merrill Warkentin, and Allen C. Johnston. 2018. "Examining Employee Computer Abuse Intentions: Insights from Justice, Deterrence, and Neutralization Perspectives," Information Systems Journal, 28 (2), pp. 266-293.

Lee, J. K., Cho, D. G., and Lim, G.G, 2018. "Design and Validation of the Bright Internet," Journal of the Association for Information Systems, 19 (2), pp. 63-85.

Anderson, C., Baskerville, R., & Kaul, M. 2017. Information Security Control Theory: Achieving a Sustainable Reconciliation between Sharing and Protecting the Privacy of Information. Journal of Management Information Systems, 34 (4), pp. 1082-1112.

Ho, S.M., Lowry, P.B., Merrill Warkentin, Yang, Y., and Hollister, J.M. 2017. "Gender Deception in Asynchronous Online Communication: A Path Analysis," Information Processing & Management, 53 (1), pp. 21-41.

Ormond, D., Warkentin, M., Johnston, A.C., and Thompson, S.C. 2016. "Perceived deception: Evaluating source credibility and self-efficacy," Journal of Information Privacy & Security, 12 (4), pp. 197-217.

Jenkins, J., Anderson, B., Vance, A., Kirwan, B., Eargle, D. 2016. "More Harm than Good? How Security Messages that Interrupt Make Us Vulnerable," Information Systems Research, 27 (4), pp. 880-896.

Steinbart, P.J., Keith, M., and Babb, J. 2016. "Examining the continuance of secure behavior: A longitudinal field study of mobile device authentication," Information Systems Research, 27 (2) pp. 219-239.

Kim, J., Baskerville, R., Park, E. 2016 "A Model of Emotion and Computer Abuse," Information & Management, 53 (1), pp. 91-108.

Johnston, A.C., Warkentin, M., McBride, M., Carter, L. 2016. "Dispositional and Situational Factors: Influences on IS Security Policy Violations," European Journal of Information Systems, 25 (3), pp 231-251.

Lee Jr., J., Warkentin, M., Johnston, A.C. 2016. "A Broader View of Information Risk during Internet Transactions," Communications of the AIS, 38, Article 8.

Anderson, B.B., Kirwan, C.B., Eargle, D., Jensen, S., and Vance, A. 2015. "Neural Correlates of Gender Differences and Color in Distinguishing Security Warnings and Legitimate Websites: A Neurosecurity Study," Journal of Cybersecurity, 1 (1), pp. 109-120.

Posey, C., Roberts, T., Lowry, P.B. 2015. "The Impact of Organizational Commitment on Insiders' Motivation to Protect Organizational Information Assets," Journal of Management Information Systems, 32(4), pp. 179-214.

James, Tabitha L., Merrill Warkentin, and Stéphane E. Collignon. 2015. "A Dual Privacy Decision Model for Online Social Networks," Information & Management, 52(8), pp. 893-908.

Lowry, P.B. and Moody, G.D. "Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policies," Information Systems Journal, 25(5), pp. 433-463.

Vance, A., Lowry, P.B., Eggett, D. 2015. "Increasing Accountability through User-Interface Design Artifacts: A New Approach to Addressing the Problem of Access-Policy Violations," MIS Quarterly, 39 (2), pp. 345-366.

D'Arcy, J., Herath, T., Shoss, M. 2014. "Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective," Journal of Management Information Systems, 31 (2), pp. 285-318.

Baskerville, R., Park, E., and Kim, J. 2014. "An Emote Opportunity Model of Computer Abuse," Information Technology & People, 27 (2), pp. 155-181.

Barlow, J.B., Warkentin, M., Ormond, D., and Dennis, A.R. 2013. "Don't Make Excuses!: Discouraging Neutralization to Reduce IT Policy Violation," Computers & Security, 39, pp. 145-159.

Vance, A., Lowry, P.B., Eggett, D. 2013. "Using Accountability to Reduce Access Policy Violations in Information Systems," Journal of Management Information Systems, 29 (4), pp. 263-289. Luo, X., Zhang, W., Burd, S., and Seazzu, A. 2013. "Investigating Phishing Victimization with the Heuristic-Systematic Model: A Theoretical Framework and an Exploration," Computers & Security, 38, pp. 28-38.

Posey, C., Roberts, T.L., Lowry, P.B., Bennett, R., and Courtney, J. 2013. "Insiders' Protection of Organizational Information Assets: Development of a Systematics-based Taxonomy and Theory of Diversity for Protection-motivated Behaviors," MIS Quarterly, 37 (4), pp. 1189-1210.

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R. "Future Directions for Behavioral Information Security Research," Computers & Security, 32, 1, 2013, pp. 90-101.

Xu, Z., Hu, Q., Zhang, C. 2013. "Why Do Computer Talents Become Computer Hackers? A Framework for Understanding and Managing the Hacking Epidemic," Communications of the ACM, 56, 4, pp. 64-74.

Willison, R. and Warkentin, M. 2013. "Beyond Deterrence: An Expanded View of Employee Computer Abuse," MIS Quarterly, 37, 1, pp. 1-20.

Bélanger, F., Crossler, R. E., Hiller, J. S., Hsiao, M., and Park, J-P. 2013. POCKET: A Tool for Protecting Children's Privacy Online, Decision Support Systems, 54, 2, pp. 1161-1173.

Njenga, K. and Brown, I. "Conceptualising Improvisation in Information Systems Security." European Journal of Information Systems, 21, 6, p. 592-607.

Hu, Q., Xu, Z., Dinev, T., and Ling, H. 2011. "Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?," Communications of the ACM, 54-60, 6, pp. 54.

Furnell, S., von Solms, R., & Phippen, A. 2011. "Preventative Actions for Enhancing Online Protection and Privacy," International Journal of Information Technologies and Systems Approach, 4, 2, pp. 1-11.


Manish Agrawal, University of South Florida, US
Yaqoub Alsarkal, George Washington University, US
Bonnie Anderson, Brigham Young University, US
Chad Anderson, Northern Kentucky University, US
Salvatore Aurigemma, University of Tulsa, US
Jordan Barlow, University of St. Thomas, US
Richard Baskerville, Georgia State University, US
France Bélanger, Virginia Tech, US
Scott Boss, Bentley University, US
Irwin Brown, University of Cape Town, ZA
Sean Browne, National University of Ireland, IE
Burcu Bulgurcu, Boston College, CA
Mary Burns, Augusta State University, US
Abdul Rahim Charif, Nova Southeastern University, US
Rui Chen, Iowa State University, US
Rachel Chung, Chatham University, US
Robert Crossler, Washington State University, US
John D'Arcy, University of Delaware, US
Alan Dennis, Indiana University, US
Ersin Dincelli, University at Albany (SUNY), US
Alexandra Durcikova, University of Oklahoma, US
David Eargle, University of Colorado Boulder, US
Xu Feng, Xi'an Jiaotong University, US
Jacob Fredericksen, Brigham Young University, US
Steven Furnell, University of Plymouth , GB
Dennis Galletta, University of Pittsburgh, US
Justin Giboney, Brigham Young University, US
Sanjay Goel, University at Albany (SUNY), US
Matthew Hashim, University of Arizona, US
Teju Herath, Brock University, CA
Anat Hovav, Korea University, KR
Qing Hu, City University of New York (CUNY), US
Jeff Jenkins, Brigham Young University, US
Allen Johnston, University of Alabama, US
Hwee-Joo Kam, University of Tampa, US
George Kasper, Virginia Commonwealth University, US
Mala Kaul, University of Nevada, Reno, US
Mark Keith, Brigham Young University, US
Bart Knijnenburg, Clemson University, US
Fujun Lai, University of Southern Mississippi, US
Jae Kyu Lee, Korea Advanced Institute of Science and Technology, KR
Jae Ung (Jake) Lee, Louisiana Tech University, US
Yuan Li, University of Illinois Springfield, US
Ruochen Liao, State University of New York at Buffalo, US
Paul Lowry, Virginia Tech, US
Robert Luo, University of New Mexico, US
Michele Maasberg, Louisiana Tech University, US
Phil Menard, University of South Alabama, US
Zareef Mohammed, SUNY Plattsburgh, US
Fiona Nah, Missouri University of Science and Technology, US
Kennedy Njenga, University of Johannesburg, ZA
Jacques Ophoff, University of Cape Town, ZA
Dustin Ormond, Creighton University, US
Rachida Parks, Quinnipiac University, US
Clay Posey, University of Central Florida, US
Kai Rannenberg, Goethe University, DE
Raghav Rao, University of Texas at San Antonio, US
Kelly Shane Reeves, Brigham Young University, US
Keng Siau, Missouri University of Science and Technology, US
Mikko Siponen, University of Jyvaskyla, FI
Paul Steinbart, Arizona State University, US
Detmar Straub, Temple University
Teodor Sommestad, Swedish Defence Research Agency, SE
Gurvirender Tejay, St. Thomas University, US
Samuel Thompson, University of Alabama Birmingham, US
Rohit Valecha, Middle Tennessee State, US
Anthony Vance, Temple University, US
Rossouw von Solms, Nelson Mandela Metropolitan University, ZA
Gunnar Wahlgren, Stockholm University, SE
Jeffrey Wall, Michigan Tech University, US
Jingguo Wang, University of Texas Arlington, US
Merrill Warkentin, Mississippi State University, US
John Warren, University of Texas at San Antonio, US
Robert Willison, Newcastle University Business School, UK
Heng Xu, Pennsylvania State University, US
Li Yaojie "William", Louisiana Tech University, US
Adel Yazdanmehr, Baruch College, US
Xinhui Zhan, Missouri University of Science and Technology, US
Nan Zhang, University of Jyvaskyla, FI

Former Working Group Attendees

Lemuria Carter, University of New South Wales, AU
Rajarshi Chakraborty, Apple Inc., US
Stephane Collignon, West Virginia University, US
James Courtney, Louisiana Tech University, US
Paul Di Gangi, University of Alabama Birmingham, US
Marc Dupuis, University of Washington, US
Kathy Enget, Virginia Tech, US
Chen Guo, James Madison University, US
Shuyuan Mary Ho, Florida State University, US
Tabitha James, Virginia Tech, US
Mari Karjalainen, Oulu University, FI
Jong Woo (Jonathan) Kim, University of Massachusetts Boston, US
Stewart Kowalski, Gjøvik University College, Norway
Jim Lee, United State Marine Corps, US
Allen Lee, Virginia Commonwealth University, US
Kal Malimage, University of Wisconsin-Whitewater, US
Nirmalee Raddatz, University of Memphis, US
Maranda McBride, North Carolina A & T, US
Leigh Mutchler, James Madison University, US
Eric Negangard, Virginia Tech, US
Robert Otondo, Mississippi State University, US
Sam Ransbotham, Boston College, US
Tom Roberts, University of Texas at Tyler, US
Jordan Shropshire, University of South Alabama, US
Carl Stucke, Georgia State University, US
Chul Woo Yoo, University at Buffalo, US
Wei Zhang, University of Massachusetts Boston, US