CIISR 2023

Content Description of CIISR

In a connected world of people, data, and things, enterprises are caught between the need for rapid digital growth, regulatory compliance, and securing their information assets across all stakeholders [1]. Effective compliance and security governance as well as the appropriate implementation of corresponding measures are becoming a central factor for digital responsibility and sustainable security [2].

Nowadays, information security and compliance are approached from a variety of different perspectives in information systems research (ISR). As part of information security management, for instance, it is examined which operational measures may result in desired employee behavior [1, 3]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be achieved in hybrid cloud architectures [4]. In the context of business process management, for instance, it is examined how information security and compliance measures in business processes can be ensured sustainably and economically in digitalized and electronic markets [5, 6].

These and many other current aspects of information security and compliance will be addressed at the third International Workshop on Current Information Security and Compliance Issues in Information Systems Research (CIISR 2023). The workshop will take place on 18 September 2023 in conjunction with the 18th International Conference on Wirtschaftsinformatik (WI2023). Based on the main theme of the conference–DIGITAL RESPONSIBILITY–we will discuss current issues regarding the responsible handling of information security and compliance, which are of great importance for ISR in an ever-increasing digitalization.

Consequently, we cordially invite authors to submit and present their completed research papers, short papers, or extended abstracts relevant to the workshop topic. We welcome practical contributions, empirical studies, systematic literature analyses, as well as research papers following the design science research paradigm. The topics of interest include, but are not limited to:

  • Information security policy compliance (ISPC)
    • Effectiveness of information security management standards
    • Impact of social learning on ISPC
    • ISPC in cross-organizational contexts
    • Security Education Training and Awareness (SETA)
    • Handling of data breaches
  • Information security and compliance issues in cloud environments
    • Non-compliance with promised performance levels of cloud services
    • Compliance with service level agreements and qualities of service
  • Ensuring business process compliance/security
    • Business process compliance/security in the context of outsourcing or in consideration of economic/social factors
    • Information security and compliance issues related to process mining
  • Current issues of IT compliance
    • Impact of current IT-related legal regulations (e.g., the General Data Protection Regulation (GDPR), the second Payment Services Directive (PSD2), and other) on the operations of companies and/or (governmental) institutions.
  • Information security and compliance issues related to the COVID-19 pandemic

Contributions addressing other workshop-relevant topics are also welcome.

For further questions concerning the workshop or submissions, please contact Stephan Kühnel ( We look forward to your submissions and your participation!

Format of CIISR

The target group of the CIISR workshop includes academics whose research focus is on current information security and compliance issues, practitioners working in the fields of information security and/or compliance, and all other interested parties. This workshop provides the opportunity for (senior) researchers and practitioners to present their latest research, but also serves as a forum for young scientists and doctoral students to present early or ongoing research results. Interested participants can also register for participation in the workshop without submitting a contribution.

We intend to hold the CIISR workshop as a face-to-face event. However, in case it is not possible to conduct the workshop on site due to the COVID-19 pandemic, we will offer a fully digital workshop.

Submission Types, Submission Instructions, and Formalities

We welcome submissions to the CIISR workshop on the above-mentioned topics written in English. For this purpose, we offer three submission types:

(1) Full papers (research papers/practical reports)
This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.

(2) Short papers (research in progress papers/short practical reports)
Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also contain an outlook on further research or further project progress, including planned future work steps

(3) Extended abstracts
Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) with relevance to the workshop topic.

In terms of length requirements, we follow the official WI2023 guidelines for full (submission type 1) and short papers (submission types 2 and 3).

When formatting your submissions, please use the official WI2023 template.

Except for extended abstracts, the submission of contributions must be made in anonymized form, i.e., all information that would allow the authors to be identified must be removed or blinded (e.g., author names, citations of preliminary works, project names). Each submission will be reviewed double-blind. The authors‘ information will be added after the acceptance notification. 

All accepted contributions will be published in an workshop volume or in the WI Workshop Proceedings and must be presented and discussed by at least one author during the CIISR workshop.

Deadlines (extended)

Deadline for submissions:01 July 2023
15 July 2023
(midnight CET) 
Notification of (conditional) acceptance:01 August 2023
15 August 2023
Submission of final papers:01 September 2023
7 September 2023
(midnight CET) 
Workshop date:18 September 2023

Submissions should be made via the conference’s submission system ConfTool ( If you encounter any problems with the submission, please contact us immediately. If problems arise shortly before the deadline, you may also submit your paper(s) by email at (as a very last option).

Workshop Schedule

13:00 – 13:05Kick-off:
Kuehnel, Stephan; Nastjuk, Ilja; Sackmann, Stefan; Trang, Simon: Introduction and Preface to the 3rd International Workshop on Current Information Security and Compliance Issues in Information Systems Research
13:05 – 13:30Full Paper 1:
Sellami, Mahdi; Bueno Momčilović, Tomas; Kuhn, Peter; Balta, Dian: Interaction Patterns for Regulatory Compliance in Federated Learning
13:30 – 13:35Switching Time
13:35 – 14:00Full Paper 2:
Hillmann, Felix; Klauenberg, Tim; Schroeder, Lennart; Diesterhöft, Till Ole: A User-centric View on Data Breach Response Expectations
14:00 – 14:10Short Break
14:10 – 14:35 Full Paper 3:
Nake, Leonard: Integrating IT Security Aspects into Business Process Models: A Taxonomy of BPMN Extensions
14:35 – 14:40Switching Time
14:40 – 15:05 Full Paper 4:
Böhmer, Martin: From Pixels to Generalization: Ensuring Information Security and Model Performance with Design Principles for Synthetic Image Data in Deep Learning
15:05 – 15:15Short Break
15:15 – 15:55Poster Session (Short Papers 1 – 4):

Klymenko, Alexandra; Meisenbacher, Stephen; Messmer, Florian; Matthes, Florian: Privacy-Enhancing Technologies in the Process of Data Privacy Compliance: An Educational Perspective

Pfaff, Theresa: Nudging Towards Compliance? Assessing the Impact of Nudging Strategies on Information Security Policy Adherence

Hövel, Gilbert Georg; Matschak, Tizian: How to Foster Compliance in Non-Integrated IT-Landscapes? The Case of Manual Medical Data Transfers

Klymenko, Alexandra; Meisenbacher, Stephen; Matthes, Florian: The Structure of Data Privacy Compliance
15:55 – 16:00Closing
16:00 – 16:30(Voluntary) Networking

The complete proceedings of CIISR 2023 can be found at We thank for supporting our event by publishing this workshop volume!

Workshop Organizers

Dr. Stephan Kühnel
Chair of Information Systems, esp. Business Information Management 
Martin Luther University Halle-Wittenberg 
Universitaetsring 3, 06108 Halle (Saale), Germany

Dr. Ilja Nastjuk
Chair for Information Security and Compliance      
Georg August University of Goettingen
Platz der Goettinger Sieben 5
37073 Goettingen, Germany        

Prof. Dr. Stefan Sackmann
Chair of Information Systems, esp. Business Information Management  
Martin Luther University Halle-Wittenberg 
Universitaetsring 3, 06108 Halle (Saale), Germany

Prof. Dr. Simon Trang
Chair for Information Systems, esp. Sustainability 
Paderborn University
Warburger Straße 100
33098 Paderborn, Germany


Chair for Information Security and Compliance       
Georg August University of Goettingen
Platz der Goettinger Sieben 5
37073 Goettingen, Germany         

Program Committee

  • Prof. Dr. Jörn Altmann
  • Prof. Dr. Alfred Benedikt Brendel
  • Prof. Dr. Nadine Guhr
  • Ass. Prof. Dr. Simon Hacks
  • Dr. Kristin Masuch
  • Mohammed Mubarkoot, Ph.D.
  • Prof. Dr. Jana Rhese
  • Prof. Dr. Michael Schulz
  • Michael Seifert, M.Sc. (Sr. Advisor)
  • Dr. Tobias Seyffarth
  • Prof. Dr. Nils Urbach

Web Chair

  • Dr. Stephan Kühnel


  1. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, pp. 1265–1284 (2019).
  2. Schatz, D., Bashroush, R.: Economic valuation for information security investment: a systematic literature review. Information Systems Frontiers 19, pp. 1205–1228 (2017).
  3. Hengstler, S., Kuehnel, S., Masuch, K., Nastjuk, I., Trang, S.: Should i really do that? Using quantile regression to examine the impact of sanctions on information security policy compliance behavior. Computers & Security 133, 103370, DOI: 10.1016/j.cose.2023.103370 (2023).
  4. Seifert, M., Kuehnel, S., Sackmann, S.: Hybrid Clouds Arising from Software as a Service Adoption: Challenges, Solutions, and Future Research Directions. ACM Computing Surveys , Volume 55, Issue 11, Article No.: 228, pp. 1-35, DOI: 10.1145/3570156 (2023).
  5. Sackmann, S., Kühnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with Regard to Digitization: Evidence from a Systematic Literature Review. In: Weske, M., Montali, M., Weber, I., vom Brocke, J. (eds) Business Process Management. BPM 2018. Lecture Notes in Computer Science (LNCS), vol 11080. Springer, Cham, pp. 409-425, DOI: 10.1007/978-3-319-98648-7_24 (2018)
  6. Seyffarth, T., Kuehnel, S.: Maintaining Business Process Compliance Despite Changes: A Decision Support Approach Based on Process Adaptations. Journal of Decision Systems 31, pp. 305–335, DOI: 10.1080/12460125.2020.1861920 (2022).