Update, 9 November: We regret to announce the 34th Colloquium on Information Security is cancelled due to unforeseen circumstances.
The Information Security Group at Royal Holloway University of London was due to hold its 34th Colloquium on Information Security on Thursday 14 December 2023. The Colloquium is sponsored by Arco Cyber and Via Resource.
The Colloquium will be on the topic of "Risky Thoughts: Navigating the Ethical, Legal and Economic Complexities in Modern Cybersecurity" and presentations/provocations are sought.
It is widely recognised that cybersecurity is no longer merely a technical field; it is interwoven with ethical considerations, legal frameworks, economic factors, and fundamentally, human decision-making as well as wider social and cultural aspects. Research across social and technical domains has demonstrated this need to broaden the understanding of and approach to cybersecurity. Adams and Sasse (1999) told us more than 20 years ago that “users are not the enemy”, thus highlighting the intrinsic relationship between people, technology and their contextual environment in and for security. More recently, researchers have pointed to the critical role of lawyers (Woods & Ceross, 2021) and insurance brokers (Woods et al., 2023) in cybersecurity. A growing body of work has also explored the cybersecurity needs of “higher-risk” populations not usually considered in the development of security technology and policy (Warford et al., 2022), while questions related to surveillance practices have received distinct attention (Gürses, Kundnani & Van Hoboken, 2016). Further, researchers have challenged the language used in cybersecurity (Da Silva, 2023) and the distinct role of CISOs (Da Silva & Jensen, 2022). Others have spotlighted the often hidden and under-valued carework underpinning security practice (Kocksch et al., 2018), and accessible and inclusive cybersecurity (Renaud & Coles-Kemp, 2022). While these are by no means exhaustive, they highlight the diversity of thought that underpins modern cybersecurity.
Such developments challenge us to look beyond the technical – and technological – aspects of cybersecurity, and to turn our attention to ideas and questions that provoke new ways of thinking in cybersecurity; what we refer to as “risky thoughts”. With this in mind, the aim of this event is to initiate discussions across a spectrum of areas directly or indirectly entangled with cybersecurity. A number of disciplinary perspectives and fields of expertise across industry, policy and academia are critical to this theme and our goal is to bring together their respective contributions in the form of 15-minute presentations.
More information can be found in the Call for Presentations / Provocations (included in full below), with abstracts being due by 5pm GMT on 9 November 2023.
Call for Presentations / Provocations
This year’s Colloquium will therefore be of relevance to, and expects contributions from, a range of fields on the topic of Risky Thoughts: Navigating the Ethical, Legal, and Economic Complexities in Modern Cybersecurity. We are particularly interested in presentations that explore the ethical complexities, legal intricacies, and economic implications across the field of modern cybersecurity. Topics may include, but are not limited to, the ones outlined below. Submissions that challenge traditional norms, provoke critical thinking, or offer innovative insights into the multifaceted landscape of modern cybersecurity are especially welcome.
1. Ethical Complexities:
- Privacy and Security: ethical dilemmas relating to individual privacy and collective security; utilisation of mass surveillance tools
- Data Ethics: ethical considerations in data collection, storage, and sharing; informed consent in cyber contexts
- Security at the Margins: ethical concerns about unequal access to cybersecurity resources; collaborative cybersecurity practices across the Global North and Global South
- Human Rights in Cyberspace: censorship and ethical boundaries in digital contexts; digital rights as human rights
- Responsibility and Blame: ethical considerations when attributing blame for cyber-attacks; corporate responsibility in protecting consumer data.
2. Legal Complexities:
- Legal Ramifications of Cyber Attacks: legal responsibility in the aftermath of a cyber attack; case studies on lawsuits and legal actions following major breaches
- Intellectual Property and Cybersecurity: the legality of reverse engineering and code analysis; protecting intellectual property in cyberspace
- International Cyber Law: legal challenges in tackling cybercrime that transcends national boundaries; the role of international organisations and treaties
- Contractual Obligations and Third-Party Risks: vendor contracts and liability clauses in the context of cybersecurity; legal aspects of third-party risk management
3. Economic Complexities in Cybersecurity:
- Return on Security Investment (ROSI): evaluating the financial benefits of investing in cybersecurity infrastructure and training
- Cyber Insurance: the role, benefits and limitations of cyber insurance as a risk management strategy
- Resource Allocation: economic models for optimal allocation of resources in cybersecurity operations
- Cybersecurity and Economic Policy: how government policy and international trade agreements can impact cybersecurity posture
Submission guidelines
We welcome abstracts of up to 300 words. The abstract should explain the overarching topic of the presentation, while highlighting how it will contribute to the “risky thoughts” theme. Abstracts should be submitted through Google Forms here:
https://forms.gle/WU5Mdkmvh6Pr1XxT8
Submission deadline is 5pm GMT on 9 November 2023.
Abstracts will be reviewed by the Scientific Committee and assessed according to the thematic focus of the event: Risky Thoughts. It is expected that accepted abstracts will feed into group and panel discussions, while presenters will be invited to be part of an accelerator programme where they can test their ideas and provocations within an industry setting.
Any questions can be directed to Rikke Bjerg Jensen (rikke.jensen [at] rhul.ac.uk) in the Information Security Group at Royal Holloway.
Scientific Committee
- Professor Lizzie Coles-Kemp, Head of Department, Information Security Group
- Dr Joseph Da Silva, CISO, RS Group plc.
- Dr Rikke Bjerg Jensen, Reader, Information Security Group
Important dates
11 October 2023: Call for Presentations/Provocations launch
9 November 2023: deadline for abstract submission
16 November 2023: notification of acceptance sent to contributors
14 December 2023: Colloquium held at Royal Holloway
References
Adams A, Sasse MA. Users are not the enemy. Communications of the ACM. 1999 Dec 1;42(12):40-6.
Da Silva J. Protection, expertise and domination: Cyber masculinity in practice. Computers & Security. 2023 Oct 1;133:103408.
Da Silva J, Jensen RB. "Cyber security is a dark art": The CISO as Soothsayer. Proceedings of the ACM on Human-Computer Interaction. 2022 Nov 11;6(CSCW2):1-31.
Gürses S, Kundnani A, Van Hoboken J. Crypto and empire: The contradictions of counter-surveillance advocacy. Media, Culture & Society. 2016 May;38(4):576-90.
Kocksch L, Korn M, Poller A, Wagenknecht S. Caring for IT security: Accountabilities, moralities, and oscillations in IT security practices. Proceedings of the ACM on Human-Computer Interaction. 2018 Nov 1;2(CSCW):1-20.
Renaud K, Coles-Kemp L. Accessible and inclusive cyber security: a nuanced and complex challenge. SN Computer Science. 2022 Jun 22;3(5):346.
Warford N, Matthews T, Yang K, Akgul O, Consolvo S, Kelley PG, Malkin N, Mazurek ML, Sleeper M, Thomas K. SoK: A framework for unifying at-risk user research. In 2022 IEEE Symposium on Security and Privacy (SP) 2022 May 22 (pp. 2344-2360). IEEE.
Woods DW, Böhme R, Wolff J, Schwarcz D. Lessons lost: Incident response in the age of cyber insurance and breach attorneys. In Proceedings of the 32nd USENIX Security Symposium, Anaheim, California 2023 Aug.
Woods DW, Ceross A. Blessed are the lawyers, for they shall inherit cybersecurity. In New Security Paradigms Workshop 2021 Oct 25 (pp. 1-12).