The Eighth Annual Working Conference of Information Security Management and Small Systems Security, jointly presented by WG11.1 and WG11.2 of the International Federation for Information Processing (IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) information security methods, methodologies and techniques, information security management issues, risk analysis, managing information security within electronic commerce, computer crime and intrusion detection. We are fortunate to have attracted two highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on electronic commerce, security strategies, documentation and many more. All papers presented at this conference were reviewed by a minimum of two international reviewers. We wish to express our gratitude to all authors of papers and the international referee board. We would also like to express our appreciation to the organising committee, chaired by Gurpreet Dhillon, for all their inputs and arrangements. Finally, we would like to thank Les Labuschagne and Hein Venter for their contributions in compiling this proceeding for WG11.1 and WG 11.2.

The 7th Annual Working Conference of ISMSSS (lnformation Security Management and Small Systems Security), jointly presented by WG 11.1 and WG 11.2 of the International Federation for Information Processing {IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) secure techniques for smart card technology, information security management issues, risk analysis, intranets, electronic commerce protocols, certification and accreditation and biometrics authentication. W e are fortunate to have attracted at least six highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on secure smart card systems, the role of BS7799 in certification, electronic commerce and smart cards, iris biometrics and many more. AH papers presented at this conference were reviewed by a minimum of two international reviewers. W e wish to express our gratitude to all authors of papers and the international referee board. W e would also like to express our appreciation to the organising committee, chaired by Leon Strous, for aU their inputs and arrangements.

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt.

Revised edition of: Information security for managers.

Security and Privacy in the Age of Uncertainty covers issues related to security and privacy of information in a wide range of applications including: *Secure Networks and Distributed Systems; *Secure Multicast Communication and Secure Mobile Networks; *Intrusion Prevention and Detection; *Access Control Policies and Models; *Security Protocols; *Security and Control of IT in Society. This volume contains the papers selected for presentation at the 18th International Conference on Information Security (SEC2003) and at the associated workshops. The conference and workshops were sponsored by the International Federation for Information Processing (IFIP) and held in Athens, Greece in May 2003.

Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks. Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the ‘how’ rather than the ‘what’. Together we’ll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governance frameworks, and operational security. This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won’t help you build an ISO 27001 or COBIT-compliant security management system, and it won’t help you become an ethical hacker or digital forensics investigator – there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done. What You Will Learn Learn the practical aspects of being an effective information security manager Strike the right balance between cost and risk Take security policies and standards and make them work in reality Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture Who This Book Is For“/div>divAnyone who wants to make a difference in offering effective security management for their business. You might already be a security manager seeking insight into areas of the job that you’ve not looked at before, or you might be a techie or risk guy wanting to switch into this challenging new career. Whatever your career goals are, Practical Security Management has something to offer you.

Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

Provides research on the social and human aspects of information security. Presents the latest trends, issues, and findings in the field.