Information Security Journals :: The good, the bad, and the ugly

Below, I’ve listed a bunch of security-related academic journals. Each journal appears in one of the following categories:

The good — These are the journals that stand out in my mind as having consistently high quality articles.
The OK — In my view, articles in these journals are significantly more uneven in quality than those among The good journals, but still generally not bad.
The bad — These are pretty bad.
The not sure — For these journals, I just can’t tell.
The ugly — These are the journals that charge authors a fee for publication. Below, I discuss why I consider such journals to be totally bogus.

The ratings here are just my own personal opinion. I’ve published in a fair number of these journal and I’ve reviewed articles for many more. Just because I’ve published in (or reviewed for) a journal, doesn’t necessarily mean it gets a high rating. For example, I’ve published in one of the journals in The bad category, and in one of The ugly journals (I’ve got an excuse for that one). On the other hand, I’ve never published in several of The good journals. So, I’d like to think that I’m being at least moderately objective.

Of course, any rating system is going to depend somewhat on personal preferences, so here’s mine. I’m definitely biased against overly theoretical articles, at least in the security domain. I’m a mathematician by training, so I can appreciate the value of a good theorem. However, it seems to me that more often than not, theoretical results in security serve primarily to obfuscate essentially simple ideas, rather than to enlighten. Maybe someday I’ll get smarter and realize that I’m wrong about this.

The real reason I put together this list is because I’ve recently seen a lot of “open access” security journals that charge authors a fee for the privilege of publishing an article. In some cases, such journals don’t make it very clear that the author has to pay a fee. If nothing else, this list should make it easier to avoid pay-for-publication journals, if that’s your desire (as it is mine).

The purpose of open access is to make publications freely available online. This sounds like a noble idea, since everyone knows that free stuff is always better. However, charging authors a fee to publish is, IMHO, utterly indefensible. I can think of at least three serious problems with such an approach. First, to create any respectable article, an author has to do a lot of work, usually for little or no financial reward. Charging an author money to publish is like charging a medical doctor a fee for the right to treat a patient (I hope I didn’t just give Obama any ideas…).

Second, charging a fee for publication creates a perverse incentive for a journal. Traditional paper journals bear a cost for each article published and, to survive, they need paid subscribers. Consequently, such journals have a financial incentive to accept only the highest quality papers that they can attract. In contrast, open access journals have a financial incentive to accept as many articles as they can cram into their journal, regardless of quality. Many open access journals are available only in electronic form, which makes this perverse incentive far more perverse.

Third, to my mind, open access looks a whole lot like vanity publishing. It seems to me that any time an author has to pay to get an article published, that article should be highly suspect.

Anyways, without further adieu, here’s my list of security journals, with a brief comment on each. Note that within each category, the journals are listed in no particular order. Also, I don’t claim that this list is anywhere near exhaustive. If you know of missing security journal that could be included, or if you find errors, please let me know.

The good
Journal of Computer Virology and Hacking Techniques (formerly Journal of Computer Virology)
Abbreviation: JICV
Imprint: Springer
Comment: This is the only journal that I know of that is focused primarily on malware. Articles are generally of a fairly high quality with a good mix of theory and application. But, much of my recent research has been malware related, so I’m biased.

Information Management & Computer Security
Abbreviation: IMCS
Imprint: Emerald
Comment: This journal looks to be strong within its domain. As the name implies, this one tilts toward “information management”, but articles still generally have some technical depth.

International Journal of Network Security
Abbreviation: IJNS
Imprint: none
Comment: Looks interesting—some rigor without going overboard on the theory, and lots of relevant topics.

Cryptologia
Abbreviation: none
Imprint: Taylor & Francis
Comment: The emphasis is on historical ciphers. Generally, great fun to read and articles almost invariably provide a nice introduction to cryptography and/or a historical topic.

Journal of Cryptology
Abbreviation: JOC
Imprint: Springer
Comment: The ultimate modern cryptography journal, but definitely not for the faint of heart.

Journal of Cryptographic Engineering
Abbreviation: JCEN
Imprint: Springer
Comment: A fairly new journal that looks to have some very interesting articles.

IEEE Transactions on Dependable and Secure Computing
Abbreviation: TDSC
Imprint: IEEE
Comment: Contains a wide variety of articles, and most appear to be interesting and highly relevant. I definitely need to read this one more often.

IEEE Transactions on Information Forensics and Security
Abbreviation: TIFS
Imprint: IEEE
Comment: In spite of the name, this journal has articles in many areas of security, with only a slight emphasis on forensics. I’m not convinced the articles are consistently that impressive, but hey, it’s an IEEE transaction, so it’s got to be prestigious, right?

ACM Transactions on Information and System Security
Abbreviation: TISSEC
Imprint: ACM
Comment: Covers a lot of different topics, usually from a rather theoretical point of view.

The OK
Information Security Journal: A Global Perspective
Abbreviation: ISJ
Imprint: Taylor & Francis
Comment: Articles here seem to be of consistent good quality, and they cover a wide range of interesting and relevant topics. I’ve also been impressed by their review process.

Computers & Security
Abbreviation: COSE
Imprint: Elsevier
Comment: I’ve reviewed many articles for this journal and even published in it. This one has to have the most annoying review process—both from the perspective of reviewer and reviewee—of any journal I’ve ever dealt with. Specifically, I’ve seen many cases where their reviewers obviously didn’t bother to read the articles they’re supposedly reviewing.

IET Information Security
Abbreviation: IETIS
Imprint: IET
Comment: The editorial board is focused on cryptography. Not surprisingly, recent articles tend to be heavy on cryptography, or similar.

International Journal of Information Security
Abbreviation: IJIS
Imprint: Springer
Comment: Top-heavy with theory.

Journal of Information Assurance and Security
Abbreviation: JIAS
Imprint: Dynamic Publishers, Inc.
Comment: Looks like an interesting mix of articles. However, in general, I’d suggest a lot of skepticism when it comes to cryptography articles published in general security journals, and this journal has several recent cryptography-related articles. So, reader beware.

Journal of Computer Security
Abbreviation: JCS
Imprint: IOS Press
Comment: From my perspective, this looks to be way too theoretical. But that’s the way some people like their security.

International Journal of Security and Networks
Abbreviation: IJSN
Imprint: Inderscience Publishers
Comment: Seems to be a pretty solid journal, especially for one without a big-name publisher behind it.

International Journal of Electronic Security and Digital Forensics
Abbreviation: IJESDF
Imprint: Inderscience Publishers
Comment: Another respectable journal from Inderscience.

International Journal of Information Privacy, Security and Integrity
Abbreviation: IJIPSI
Imprint: Inderscience Publishers
Comment: Fairly new and looks to be reasonably good.

The bad
International Journal of Computer Network and Information Security
Abbreviation: IJCNIS
Imprint: MECS Publisher
Comment: There’s no publication charge, which is the only good thing I can say about it. There is not much of a review process, and it shows in many of the articles. Also, they require Microsoft Word documents for submission—how Mickey Mouse is that?

International Journal of Information Security and Privacy
Abbreviation: IJISP
Imprint: IGI Global
Comment: This one seems to have an excess of fluff articles.

The not sure
Journal of Network and Information Security
Abbreviation: JNIS
Imprint: Publishing India
Comment: The first issue has not yet been published (as of mid-August 2013), but it does not look promising since they only accept submissions in “OpenOffice, Microsoft Word, RTF, or WordPerfect document file format”. Also, based on the website, grammar is not their strong suit. On the upside, at least they do not charge a publication fee.

Journal of Information System Security
Abbreviation: JISSec
Imprint: None
Comment: A quick look at recent articles reveals a lot of policy-related and similar puff pieces.

International Journal on Network Security
Abbreviation: IJNS (yes, there are at least 2 journals with IJNS as their abbreviation)
Imprint: ACEEE
Comment: I’m not familiar with this journal and, apparently, they like it that way. Although it’s said to be open access, I can’t seem to access any of their articles. Does this journal really exist?

International Journal of Digital Evidence
Abbreviation: IJDE
Imprint: Utica College
Comment: As the name suggests, this one is very specialized. As far as I can tell, it contain only “white papers”, not your usual technical journal papers.

Information Security Technical Report
Abbreviation: ISTR
Imprint: Elsevier
Comment: Looks like it might be interesting, but every issue appears to be a “special issue”, i.e., focused on a single topic, which could make it tricky to get published here.

International Journal of Multimedia Intelligence and Security
Abbreviation: IJMIS
Imprint: Inderscience Publishers
Comment: Seems to have stopped publishing—the most recent issue I can find appeared in 2011.

International Journal of Information and Computer Security
Abbreviation: IJICS
Imprint: Inderscience Publishers
Comment: The last issue available seems to be from mid-2012, so this one might be deceased too.

Designs, Codes and Cryptography
Abbreviation: DCC
Imprint: Springer
Comment: A strong journal, but, really, this is a math journal. Often, the link (if any) to cryptography is tenuous, at best.

The ugly
International Journal of Information Sciences and Computer Engineering
Abbreviation: IJISCE
Imprint: None
Comment: This “open access” journal charges authors a publication fee of 285 euros. It also seems to publish lots of very dubious papers.

International Journal of Network Security & Its Applications
Abbreviation: IJNSA
Imprint: AIRCC
Comment: Charges $120. I guess that might be considered a bargain in this genre. But, come to think of it, you usually get what you pay for.

International Journal of Computer Science and Network Security
Abbreviation: IJCSNS
Imprint:
Comment: This journal has a $400 “publication fee”. This one looks to be even more totally bogus than the other totally bogus journals listed here. That’s an accomplishment, of sorts.

International Journal of Information and Network Security
Abbreviation: IJINS
Imprint: IAES
Comment: Charges an $80 publication fee and, get this, a $40 “fast-track review” fee, which guarantees a review within two weeks. What a joke.

Journal of Information Security
Abbreviation: JIS
Imprint: SCIRP
Comment: Charges $500 per article. Once upon a time, I actually published an article in this one, but back then they were not charging a fee. If I’d realized they were planning to charge authors for publication, I would have avoided it like the plague.

Security Informatics
Abbreviation: none
Imprint: Springer
Comment: Open access (charges $1015 per article) with a heavy emphasis on policy (that’s 4 strikes). Do people actually pay this outrageous fee? And what’s up with Springer getting into this scam? I hate to admit it, but this one might actually have a few respectable articles.

EURASIP Journal on Information Security
Abbreviation: unknown
Imprint: Springer
Comment: Another Springer open access journal—this one charges $635 per article. Apparently, this journal was recently transferred from some minor league publisher to Springer, and it shows.

International Journal on Cryptography and Information Security
Abbreviation: IJCIS
Imprint: AIRCC Publishing Corporation
Comment: This open access journal charges $120 and requires use of their MS Word template. Need I say more? No, but I will. As the name implies, the focus is on cryptography, and a lot of cryptography means a lot of math typesetting… in MS Word. The results are not pretty with, for example, blurry screen snapshots of formulas (originally typeset in TeX) pasted into published documents. I wouldn’t accept that in an undergraduate student report.

Other relevant link(s)
Microsoft Academic gives this ranking of information security journals.

Source: http://cs.sjsu.edu/~stamp/securityJournals.html

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s