Security Risk Assessment

Abstracts due: 1 August 2016 (email to:
Submission deadline: 1 September 2016
Publication date: April 2017

Computer plans an April 2017 special issue on security risk assessment.

Risk management is an integral part of information-security management and must be based on a security risk assessment that ideally comprises a quantitative risk analysis. In theory, the level of risk is the product of a threat’s probability of occurrence and its expected damage. In practice, however, this formula is difficult, if not impossible, to apply, mainly because we have neither an exhaustive list of threats nor useful statistics for meaningfully estimating occurrence probability or expected damage. The resulting risk quantification is arbitrary and not an appropriate basis for mission-critical decisions.

This special issue will focus on assessing security risks in practice. The guest editors seek submissions offering research results, experimental solutions, case studies, and best practices related to security risk assessment. Possible topics include, but are not limited to:

  • identifying and classifying threats relevant to a given situation or application context
  • determining threats’ probability of occurrence and expected damage
  • finding and evaluating vulnerabilities that threats might exploit
  • quantitatively and/or qualitatively analyzing and assessing risks
  • determining appropriate security measures in response to risk assessments
  • finding innovative new ways to assess and manage security risks
  • developing techniques for integrating local and external data and data sources for security risk assessments
  • following alternative information-security management approaches

Only articles that describe previously unpublished, original, state-of-the-art research and that are not currently under review by a conference or journal will be considered. Updates to ongoing research efforts are welcome, as long as the content is at least 50 percent different from published manuscripts, the new document cites the authors’ previous work, and the authors show the editors how the new document differs.

Articles should be understandable by a broad audience of computer science and engineering professionals. All theory, mathematics, jargon, and abstract concepts should be accompanied by clear explanations and clarifying examples.

All manuscripts are subject to peer review on both technical merit and relevance to Computer's readership. Accepted papers will be professionally edited for content and style.

Authors of accepted papers are encouraged to submit complementary multimedia, such as a 2- to 4-minute podcast, a video, or an audio or audio/video interview by an expert in the field, which the Computer staff can help facilitate, record, and edit.


Please direct any correspondence before submission to the guest editors: