Conference Description
Key Takeaways
- International symposium examining human factors in information security and assurance
- Addresses social engineering, insider threats, security awareness and user compliance challenges
- Designed for academic researchers, security professionals, CISOs and policy makers
- Organised by IFIP Technical Committee 11 Working Group 12 with Springer publishing accepted papers
- Three-day in-person event hosted at Örebro University in Sweden
Introduction
The IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2026) convenes researchers and practitioners to examine one of cybersecurity’s most persistent challenges: the human element. While organisations continue to invest heavily in technical defences, security incidents frequently trace back to human decisions, behaviours and oversights. This symposium provides a dedicated forum for exploring how user behaviour, organisational culture and social dynamics influence the effectiveness of security programmes.
The timing reflects growing recognition across the security industry that technological controls alone cannot address the full spectrum of threats facing modern organisations. Phishing attacks have grown increasingly sophisticated, insider threats remain difficult to detect through purely technical means, and security awareness programmes often struggle to produce lasting behavioural change. HAISA 2026 brings together academic research and practical experience to advance understanding of these interconnected challenges.
About the Symposium
HAISA 2026 is organised by IFIP Technical Committee 11 Working Group 12, a body within the International Federation for Information Processing that focuses specifically on human aspects of information security. The symposium operates as a peer-reviewed academic conference, with all accepted papers published by Springer and indexed in major academic databases. This publication pathway ensures that research presented at the event contributes to the broader scholarly record and remains accessible to the international research community.
The journal Information & Computer Security serves as a co-sponsor, reinforcing the symposium’s academic credentials and its connection to ongoing research in the field. Örebro University in Sweden hosts the three-day event, providing an environment suited to both formal presentations and the informal discussions that often prove equally valuable at academic gatherings.
The Human Factor in Cybersecurity
Technical security measures operate within environments shaped by human decisions at every level. Firewalls, encryption and access controls can be undermined by a single employee responding to a convincing phishing email or sharing credentials with a colleague for convenience. Understanding why these behaviours occur—and how to design systems and programmes that account for human tendencies—requires insights that extend beyond traditional computer science into psychology, organisational behaviour and communication studies.
Social engineering represents one of the most direct intersections between human psychology and security threats. Attackers exploit cognitive biases, authority relationships and time pressure to manipulate individuals into actions that compromise organisational security. Defending against these attacks requires understanding both the techniques employed by adversaries and the psychological vulnerabilities they target.
Insider threats present different but equally complex challenges. Whether motivated by financial gain, grievance or simple negligence, employees with legitimate access can cause significant harm. Technical monitoring can detect some anomalous behaviours, but effective insider threat programmes must also consider organisational culture, management practices and the factors that influence employee loyalty and engagement.
Primary Discussion Topics
The symposium addresses several interconnected themes that reflect current priorities in human-centric security research. Organisational security culture examines how shared values, norms and practices within organisations influence security outcomes. Research in this area explores how culture develops, how it can be measured, and what interventions prove effective in shifting cultural attitudes toward security.
User behaviour and compliance remain a central concern for security practitioners. Policies that employees find burdensome or confusing often produce workarounds that create new vulnerabilities. Research presented at HAISA explores the gap between intended security behaviours and actual practice, seeking approaches that align security requirements with how people naturally work.
Security awareness and training programmes represent substantial investments for many organisations, yet measuring their effectiveness proves difficult. The symposium provides a venue for examining what makes awareness programmes successful, how learning translates into behaviour change, and how organisations can move beyond checkbox compliance toward genuine security consciousness.
The interplay between technology design and human factors also features prominently. Security tools that frustrate users or interrupt workflows may be disabled or circumvented. Research in this area examines how security can be integrated into systems in ways that support rather than hinder user goals, reducing the friction that often leads to insecure behaviours.
Bridging Research and Practice
One of the symposium’s distinguishing characteristics is its explicit focus on connecting academic research with practical application. While many security conferences cater primarily to either researchers or practitioners, HAISA deliberately brings both communities together. This creates opportunities for researchers to understand the real-world constraints facing security professionals and for practitioners to learn about emerging research that may inform their programmes.
The challenges addressed at HAISA do not yield to simple solutions. Changing human behaviour requires sustained effort, and interventions that work in one organisational context may fail in another. The symposium’s format—combining formal paper presentations with opportunities for extended discussion—supports the kind of nuanced exchange needed to advance understanding in this complex domain.
Who Should Attend
HAISA 2026 serves several distinct professional communities. Academic researchers working on human factors in security, including faculty members and doctoral students, will find a peer community and publication opportunities. The symposium’s proceedings, published by Springer, provide a respected venue for disseminating research findings.
Security professionals responsible for awareness programmes, policy development or organisational security culture will encounter research that can inform their practical work. Chief Information Security Officers and security managers facing persistent challenges with user compliance or insider risk may find new frameworks for understanding and addressing these issues.
Policy makers working on cybersecurity regulation and guidance increasingly recognise that effective policy must account for human factors. The symposium offers exposure to current research on how people actually interact with security requirements, which can inform more realistic and effective policy approaches.
The Continuing Relevance of Human-Centric Security
As organisations adopt increasingly sophisticated technical defences, attackers naturally shift their focus toward human targets. The rise of artificial intelligence introduces new dimensions to this challenge, enabling more convincing phishing attempts and social engineering at scale while also offering potential defensive applications. These developments ensure that human factors will remain central to information security for the foreseeable future.
HAISA 2026 provides a venue for examining these evolving challenges through rigorous research and informed professional discussion. For those working at the intersection of human behaviour and information security, the symposium offers both intellectual engagement and practical insights that can strengthen organisational security programmes.

