PRISEM 2020 : First International Workshop on Privacy and Security in Enterprise Modeling (PriSEM'20 in conjunction with EDOC20)
Call For Papers
Security and privacy are critical issues in modern organizations. Enterprise business processes and their supporting systems have to constantly evolve in order to comply with security and privacy policies. Complex organizational structures and their distributed business processes make such compliance a major effort. Moreover, the intersection between privacy and security technologies and software engineering has tremendous implications on the very way information systems are modeled for their design and development. These changes affect the requirements and software engineering processes in organizations. That is why security and privacy requirements have to be explicitly addressed in enterprise models while technologies supporting security and privacy have to become an integrated part of Enterprise Architecture.
Emerging technologies such as distributed ledgers, privacy-enhancing technologies, and blockchains leverage powerful cryptography features, all-purpose Turing-complete programming languages and flexible communication models. They are considered as new transparency security and privacy enablers for distributed processing without requiring a trusted third-party. Today, their integration within information systems is a difficult task for enterprise architects due to the paradigm-shifting nature of those technologies and the lack of adequate models and tools from the enterprise modeling community. This paradigmatic shift can also be explained with privacy-enhancing technologies coming from a tradition of privacy as confidentiality. This area is under explored and yet to be understood.
The goal of PriSEM’20 is to bring together researchers and practitioners to discuss theoretical and practical problems and solutions in a rapidly maturing domain of enterprise security and privacy. The integration of security and privacy aspects in enterprise models is a central theme of this workshop.
We strongly encourage the submissions reporting a synergy of innovative research and best practices in the area of organizational privacy and security management, modeling and architecture, etc.
The topics of interest include but are not limited to
Modeling for design and analysis of privacy-enhanced and/or security enterprise systems
Privacy/security by design
Privacy/security modeling for software design
Modeling for privacy/security compliance
Privacy beyond compliance/privacy as confidentiality in enterprises
Data protection mechanisms and implementation in enterprises
Conceptualization and modeling of privacy-enhancing technologies (PETs) in requirements engineering, enterprise modeling, and IS
Modeling for privacy-preserving ML and AI
Privacy/security management using emerging technologies
Privacy/security modeling for enterprise distributed ledger and blockchain solutions
Privacy/security modeling for enterprise smart contracts
Privacy/security modeling for enterprise IoT integration
Privacy/security modeling for supply-chain
Practical aspects of privacy & security modeling in the organizations
Privacy/security in business process modeling
Usability of privacy and security in the context of enterprise architecture
Privacy/security enterprise methods and methodologies
We solicit four types of contributions:
Technical papers should describe original results not been accepted or submitted for publication elsewhere. These papers will be evaluated based on their scientific and technical contribution, originality, and relevance.
Experience reports should provide new insights gained in case studies or when applying enterprise computing technology in practice; industry experience reports shall further provide important feedback about the state of practice and pose challenges for researchers. These papers will be evaluated based on their appropriateness, significance, and clarity. Industry experience reports must report an actual implementation in practice and must have at least one author with an industry affiliation.
Successful failures and negative results papers should report experiences of an attempt to combine privacy and/or security in enterprise modeling with a less favorable outcome than expected. These papers should present an analysis of the situation about intentions vs reality and reflections in the format of lessons learnt and guidelines about what could be done to avoid repeating such cases.
Position papers should give a broad yet well-informed overview of the topic they focus on and build a vision and a research roadmap, or open questions for the community at any topic related to privacy, security, and enterprise modeling. These papers should show familiarity with related work and could be built on extensive literateure review but should offer the reflections of the authors about the research domain and not merely summarize prior research. These papers will be evaluated on their potential to spark debate during the workshop as well as how artitulate they highlight current and future challenges.