
First Workshop on Economics of Compliance Control and Automation (ECCA 2010)

To be held in conjunction with the Fifth International Conference on Availability, Reliability and Security (ARES 2010 – http://www.ares-conference.eu).

February 15th – 18th, 2010
Andrzej Frycz Modrzewski Cracow College
Krakow, Poland

Achieving compliance with an ever-growing number of regulatory requirements, such as reporting practices and the treatment of personal information, poses a grand challenge to enterprises of all sizes. Such requirements stipulate the reliable deployment of a number of accountable activities, which must be periodically validated by means of third-party audits. To conduct adequate validation in a timely, cost-effective and reliable manner, enterprises are advancing the automation of business processes and the corresponding controls.
Controls subsume organizational measures and security mechanisms for enforcing regulatory laws and detecting deviations from regulations, opening up the chance to react in a timely manner. However, deploying such controls is a challenging task that is not yet completely understood: unexpected interactions between controls and business processes might arise, leading to inconsistencies, compliance violations and conflicts with the operative goals of business processes, and thereby opening up risks. Also, an overly restrictive, risk-averse enforcement of regulations is not optimal with regard to the operational use of upcoming technologies, such as service-oriented architectures or cloud computing, since it may hinder the harvesting of their full potential. Addressing these issues is of primary relevance and requires well-founded, cross-disciplinary approaches to reason about and bridge the technical and economic perspectives of the deployment of controls.
The goal of this workshop is to bring together researchers and practitioners working on innovative methods for managing compliance, risk and security. The focus of the workshop is primarily on the integration of economic and technical research, yet it encourages papers with a cross-disciplinary character, encompassing, for instance, legal and sociological aspects, as well as papers more purely focused on information technology.

Submission topics include, but are not limited to:

Process and workflow modeling and simulation
Process-oriented risk management
Security issues on workflows
Process reconstruction
Accountability and liability
Policy enforcement
Usage control
Audit strategies
Secure logging mechanisms
Monitoring techniques
Implementation experiences

Important dates

Submission Deadline: October 15th, 2009
Author Notification: November 1st, 2009
Author Registration: November 14th, 2009
Proceedings Version: November 14th, 2009
February 15th – 18th, 2010

Submission Guidelines

The submission guidelines valid for the ECCA workshop are the same as for the ARES conference. They can be found at:


Submission of a paper implies that, should the paper be accepted, at least one of the authors will register and present the paper at the conference.

Workshop Co-Chairs

Dr. Stefan Sackmann, University of Freiburg
Dr. Rafael Accorsi, University of Freiburg


Program Committee

Prof. Dr. Dogan Kesdogan, University of Siegen (t.b.c.)
Prof. Dr. Günter Müller, University of Freiburg
Prof. Dr. Hannes Federrath, University of Regensburg (t.b.c.)
Dr. Martin Reichenbach, Commerzbank AG
Prof. Dr. Alessandro Acquisti, CMU Pittsburgh (t.b.c.)
Prof. Dr. Noboru Sonehara, NII, Tokyo (t.b.c.)
Prof. Dr. Alexander Pretschner, TU Kaiserslautern (t.b.c.)
Prof. Dr. Ruth Breu, University of Innsbruck (t.b.c.)
Prof. Dr. Sandro Etalle, TU Eindhoven (t.b.c.)
Prof. Isao Echizen, NII Tokyo (t.b.c.)
Matthias Enzmann, SIT Darmstadt (t.b.c.)
Prof. Dr. Peter Buxmann, TU Darmstadt (t.b.c.)
Dr. Markus Aleksy, University of Mannheim (t.b.c.)
Prof. Dr. Ernesto Damiani, University of Milan (t.b.c.)
Dr. Sven Graupner, HP Labs Palo Alto (t.b.c.)
Prof. Helene Kirchner, INRIA Bordeaux (t.b.c.)
Dr. Siani Pearson, HP Labs, Bristol (t.b.c.)