IEEE Security & Privacy is an academic journal published by IEEE. (ISSN 1540-7993, impact factor 3.0).
About IEEE Security & Privacy
IEEE Security & Privacy (S&P)’s mission is to be the best source of reliable, useful, peer-reviewed information for those aiming to understand how systems, data, and people are protected in a world of rapid technology evolution. This bimonthly magazine publishes articles that have clarity and context, targeting a wide audience who understand technology, from developers to executives, managers to policy-makers, and researchers interested in problems with practical impact. Peer-reviewed articles and columns by real-world experts illuminate all aspects of the field, including systems, attacks and defenses, software security, applied cryptography, usability, forensics, big data, ethics, biometrics, and more, with special issues focusing on targeted topics as well as issues devoted to key events and conferences.
S&P is copublished by the IEEE Computer Society and the IEEE Reliability Society. Technical cosponsors are the IEEE Signal Processing Society and IEEE Engineering in Medicine & Biology Society. S&P accepts commercial and classified advertisements. S&P‘s 2024 impact factor is 3.0. Learn about the magazine’s history by exploring the S&P index site, curated by a volunteer.
S&P aims to provide a unique combination of research articles, case studies, tutorials, and departments covering diverse aspects of security and dependability of computer-based systems, including legal and ethical issues, privacy concerns, tools to help secure information, methods for development and assessment of trustworthy systems, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology, and other topics of interest to a general, technically oriented readership. Topics include, but are not limited to:
Network Security
Software and Hardware Security
Systems Security
Embedded Security
Privacy-Enhancing Technologies
Data Analytics for Security and Privacy
Usable Security and Privacy
Physical and Human Security
Wireless and Mobile Security
Security Foundations
Security Economics
Security and Privacy Policies
Integrated Security Design Methods
Critical Infrastructures
Sociotechnical Security and Privacy
Social Networks and Computing
Surveillance
Cybercrime and Forensics
Developer and User Training
Real-World Cryptography
Intrusion Detection
Malware
Scope
IEEE Security & Privacy is the premier magazine of the IEEE Computer and Reliability Societies for informing their members about recent and forthcoming advances in information technology pertaining to security, privacy, and dependability. The magazine seeks creative and novel perspectives on industry practices, research directions, and policy and regulatory matters. In addition to feature articles, special and themed issues, columns, and departments, experts from our community of interest provide insightful commentary on current issues and paradigm shifts via virtual roundtables and podcasts.
In particular, IEEE Security & Privacy looks for articles that identify key research problems for improving computing defenses and for developing more secure and privacy-aware systems, as well as articles that teach readers about emerging technologies that show promise in such areas. IEEE Security & Privacy encompasses a broad range of topics regarding security and privacy and features both peer-reviewed articles as well as departments and columns, which describe perspectives on hot topics from academic and industry leaders in the field.
Special Issue on Inclusive Security and Privacy Engineering
Submission Date: 2026-08-17
This special issue will explore methodological & engineering advances in inclusive security and privacy engineering. Security & privacy provisioning exercises should not only recognize the heterogeneity of individual needs but also reflect them into how systems are conceived, designed and engineered. This is key to security mechanism provisioning exercises particularly for marginalized and disadvantaged groups. Complementing on prior research to bring users at the center of systems design, we focus on methodological considerations to achieve security and privacy for all and not just few. To that end, we solicit research articles, case studies, on the following (but not restricted to) topics.
Methodological advances to capture the security & privacy needs of disadvantaged groups at the intersection of their diverse beings.
Process interventions for inclusive security & privacy engineering in the software development lifecycle.
Novel developer tools for inclusive security & privacy engineering. • AI powered assistants for inclusive security & privacy engineering.
De-colonizing inclusive security and privacy engineering.
PETs for global south.
Accessible PETs for diverse ability individuals.
Study of platform accessibility interventions with respect to security & privacy of their users.
Economics of inclusive security & privacy engineering.
Tech policy interventions for inclusive security and privacy engineering. • Socio technical aspects of methodological interventions to support inclusive security engineering.
Theoretical and empirical contributions to measure security & privacy poverty
Special Issue on Real-World Security: Impact Beyond the Publications
Submission Date: 2026-11-01
Now, more than ever, it is clear that security and privacy are real-world challenges affecting companies, institutions, and individuals in all aspects of daily life. The research community has contributed significantly towards addressing these challenges through finding impactful security vulnerabilities and developing innovative solutions that are now widely deployed. However, achieving this type of direct real-world impact comes with its own set of challenges, which often go beyond what would typically be presented in a research paper.
This special issue solicits articles describing research that has had a direct impact on real-world security and privacy, going beyond a scientific publication. This could range from identifying vulnerabilities in deployed systems through to developing solutions that have been used in practice. Importantly, articles for this special issue should focus on the specific challenges encountered in the process of achieving real-world impact, and how they were overcome. These could include experiences with Coordinated Vulnerability Disclosure (CVD), technical challenges in deploying a mitigation, or socio-technical challenges in navigating ethical, legal, or regulatory considerations. If applicable, articles can group together experiences from several different projects or papers and describe their overall impact.
An ideal article would demonstrate that security and privacy research can have direct real world impact beyond publications, and summarize the lessons learned from that process to help other researchers achieve similar goals. Topics of interest include, but are not limited to:
Experiences with Coordinated Vulnerability Disclosure to industry or open-source projects
Responsibly measuring or quantifying security and privacy risks in real-world systems
Collaborating with industry to improve the security of deployed systems
Defining or contributing to standards that are used in practice
https://www.computer.org/digital-library/magazines/sp/cfp-real-world-security-impact
Special Issue on One Decade of GDPR – Contributions to Data Protection and Future Challenges
Submission Date: 2026-12-01
The EU General Data Protection Regulation (GDPR) was adopted by the European Parliament and the Council of the European Union in 2016 and has, over the last decade, become a “gold standard” for data protection worldwide. It has especially contributed as a global benchmark for strong and comprehensive data privacy by strengthening the fundamental data subject rights of individuals and enhancing accountability and the level of compliance for data controllers and processors, both within and outside Europe, that target customers or track individuals in the EU. Also, other countries outside Europe, including, for instance, Brazil, South Africa, or China, have, partly to achieve compliance with the GDPR and/or to keep up with new technical and societal developments, revised or adopted new data protection laws. Another example is the California Consumer Privacy Act (CCPA) of 2018, which is one of the strongest state privacy laws in the US.
The GDPR has notably promoted the field of privacy-enhancing technologies and other privacy engineering and management approaches by specifically mandating Data Protection by Design and by Default, and by promoting the advantages of standardized privacy icons for enhancing usable transparency, as well as certification in data protection and requirements for conducting data impact assessments.
Despite the important new rules and opportunities that the GDPR has contributed to improving data protection, challenges persist in the area of data protection – both in practice and in research. Particularly, Data Protection by Design is often not systematically implemented on a broad scale in practice, privacy notices, cookie banner and consent forms are still lacking usable transparency, data protection standardization efforts are not well considered and utilized in practice, there is often a lack of efforts put into systematically conducting Data Protection Impact Assessments (DPIAs), and the EU-US data privacy framework for enabling transatlantic data transfers is criticized by privacy experts due to issues with GDPR compliance. Moreover, in our current time of political crisis, an increasing number of cybersecurity attacks have resulted in serious data leaks and breaches.
In addition, emerging technologies as well as modern tracking and online profiling technologies provide serious privacy and data protection threats, and foremost, the recent AI revolution have posed challenges for data protection and for implementing GDPR and ethical principles related to data protection, data governance, data accuracy, transparency, human oversight, and fairness. This has also led to debates and proposals for weakening GDPR principles that are difficult for AI systems, such as Large Language Models (LLMs), to comply with.
Further efforts are needed to develop robust and trustworthy AI technologies, including privacy-enhancing technologies for AI, as well as utilizing AI technologies in a privacy-enhancing manner to improve usable privacy.
This Special Issue is dedicated to the 10th Anniversary of the GDPR. We invite articles providing a critical appraisal of the implementation of the GDPR, and/or of other novel data protection or privacy legal frameworks, including CCPA, from other parts of the world, in practice. We particularly also seek articles addressing challenges for upholding privacy principles despite geopolitical barriers and/or rapid technical changes and issues, including, but not limited to,
Privacy threats by advanced tracking and profiling technologies
Privacy- and Transparency-enhancing Technologies
Data Protection by Design and by Default
Data Protection and Fundamental Rights Impact Assessment Frameworks
Privacy and data protection standardization and certification
Usable privacy and transparency
Consent Management
Data protection and digital sovereignty
Personalized Privacy Assistants
AI-based attacks and challenges for enforcing data protection principles
Privacy threats of agentic AI and LLM-based systems
Analysis of simplification proposals for the GDPR, incl. EU Omnibus Regulation, and other new privacy and data protection legislation
Privacy engineering methods, tools. techniques and empirical studies
https://www.computer.org/digital-library/magazines/sp/cfp-one-decade-gdpr-challenges