The CPRA’25 workshop invites submissions presenting original and impactful research on all dimensions of cybersecurity and privacy risk assessment. This workshop serves as a collaborative platform to consolidate cutting-edge research, methodologies, and tools that cover the entire risk assessment lifecycle, including asset identification, threat modelling, risk scoring, risk treatment, mitigation strategies, and decision-making processes.
In addition to addressing technical aspects of cybersecurity and data privacy, CPRA’25 places a strong emphasis on human factors in risk assessment. Contributions that examine the interplay between human perceptions, cognitive biases, and decision-making in risk evaluations are particularly encouraged. The workshop aims to reflect the multifaceted nature of risk assessment, incorporating both objective and subjective inputs and exploring their influence on outcomes in diverse operational contexts.
We welcome submissions from a broad spectrum of research areas and methodologies, including empirical studies, design research, systematisation of knowledge, systematic reviews, and visionary or position papers that present forward-looking ideas or critique existing paradigms. Contributions may focus on theoretical frameworks, applied case studies, innovative tools, or multidisciplinary approaches that align with the themes of the workshop.
- Automated risk assessment: Development and deployment of dynamic and automated risk assessment tools and frameworks
- Risk assessment in dynamic environments: Addressing risks in rapidly changing and complex ecosystems, including adaptive strategies
- Advanced TARA methodologies and frameworks: Innovations in TARA frameworks for enhanced threat identification and risk mitigation
- Privacy risk assessments: Strategies for evaluating and mitigating risks to privacy in interconnected systems
- Data privacy impact assessments: Tools and methodologies to quantify and address privacy risks in compliance with key regulations
- Human factors in risk assessment: Exploring the impact of human inputs, biases, and behaviours on risk evaluation outcomes
- Risk perception: Studies on how stakeholders perceive risks and their implications for risk management strategies
- Risk assessment methodologies compliant with key regulations and standards: Approaches aligned with regulations such as GDPR, AI Act, and CRA
- AI-based risk assessment tools: Uptake of AI-enabled methods and tools to enhance and automate risk modelling and mitigation
- STRIDE and LINDDUN automation: Automating standard risk and threat modelling methodologies and their application to various industry domains
- Risk assessment case studies in IoT and smart infrastructure: Real-world applications in IoT ecosystems and intelligent infrastructures
- Integration of privacy and security in risk models: Unified approaches to address overlapping privacy and security risks
- Risk management in software development: Practices to embed risk assessment within the software development lifecycle
- Safety hazards-controlling tools: Techniques to identify and control safety-related risks
- Security-oriented quantitative and/or qualitative risk assessment: Advancements in quantitative and qualitative methods for comprehensive risk analysis
- Risk assessment and decision making: Decision-support systems and frameworks to prioritise and address risks effectively from interdisciplinary perspectives including, but not limited to, legal, economic, technology, usability and social acceptance perspectives
- Residual risk handling: Frameworks for identifying, quantifying, and managing residual risks after mitigation measures
- Ethical and legal considerations in cybersecurity assessments: Examining the intersection of ethics, law, and cybersecurity in novel risk assessment methods
- Multi-criteria decision making and risk mitigation: Approaches for handling trade-offs in multi-objective risk environments