PDF Version

Co-Chairs
Dr. Alfonso Rodríguez
University of Bio-Bio
Chile
alfonso@ubiobio.cl

Dr. Mariemma Yagüe
University of Málaga
Spain
remove-mariemma@lcc.uma.es

Dr. Eduardo Fernández-Medina
University of Castilla-La Mancha
Spain
Eduardo.FdezMedina@uclm.es

Workshop Background and Goals
Information Systems Security is one of the most pressing challenges facing all kind of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in keeping their information safe, in avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc.
Nowadays, rapid technological advances are stimulating a greater use of information systems in organizations world-wide, which handle large quantities of data, managed by huge databases and datawarehouses. In addition, information systems quite frequently manage information that can be considered sensitive, since it is related to certain intimate or personal aspects of persons (beliefs, medical data, sexual tendencies, etc.) and which must be specially protected.
Many organizations, including not only companies but also governments of several countries, are now realizing how security problems can affect both business success and citizen rights, and they are proposing security policies, security planning, personal data protection laws, etc.
All of these, including technological, legislative, ethical and political factors, justifies the importance of secure information systems, and encourage us to research in new techniques, models and methodologies, which could aid designers developing and implanting safe information systems which both protect information and keep within the law.
In some sense, standards are always present in many security areas: Cryptographic protocols are standardized, and web services security are based on standard specifications; Biometric security needs different standards, and risk management can be performed following standards. In fact, there are many people working in security standards development, and many other people are working in using, adapting, extending and redefining these standards.
In this new edition of WOSIS, the traditional information systems security will be maintained but taking into account standards in the field and we will add some general topics concerning the standardisation process, or their impact on the marketplace. Our objective is WOSIS 2008 will present new developments, lessons learned from real world cases, and would provide the exchange of ideas and discussion on all the expert areas CS&I.

Topics of interest
Topics of interest include, but are not limited to:

• Standards for Security
• Security for Grid computing
• Web Services Security
• Security for Mobile Computing
• Security for Electronic Commerce and Electronic Business
• Security for Databases and Data Warehouses
• Business Process Security
• Metrics for Security
• Biometric Security
• Network Security
• Security Requirements Engineering
• Digital Rights Management (DRM). Mobile DRM.
• Access Control and Rights Expression Languages.
• Security & Trust Models
• Semantic Web Technologies applied to Security.
• Authentication and Authorization.
• E-Health
• E-Voting
• E-Government
• Cyber terrorism
• Intellectual Property Protection
• Anonymity and Privacy
• Cryptology: Cryptography and Cryptanalysis
• Information hiding: Steganography & Steganalysis

Submission of Papers
We encourage submission of high quality papers to this new edition of the Security in Information Systems Workshop. Authors of accepted papers must guarantee that their works will be presented at the Workshop by one of the co-authors. Only full papers in English will be accepted. The length of the paper should not exceed 10 pages (5000 words). Instructions for preparing the manuscript (in Word and Latex format) are available at the ICEIS web site. Postscript/RTF versions of the manuscript should be submitted through ICEIS web-based paper submission procedure. The proceedings of the workshop will be published in the form of a book (with ISBN) by INSTICC Press.

Additionally, best works will have the chance to publish extended and revised versions in the internationally refereed Journal of Research and Practice in Information Technology (http://www.jrpit.com/), which is well ranked in the ISI Journal Citation Reports.

Journal of Research and Practice in Information Technology
The Workshop interest is on high quality, innovative and unpublished research on Security in Information Systems. A selection of best works will be made in order to include extended and revised versions of these works in a special collection of JRPIT. This journal is listed in ISI (impact factor of 0.465 in 2006).
The journal of Research and Practice in Information Technology is an international quality, peer reviewed journal covering innovative research and practice in Information Technology. Until 2000 it was titled the Australian Computer Journal, and has been published by the Australian Computer Society continuously since November 1967.
The Journal has a dual emphasis and contains articles that are of interest both to practicing information technology professionals and to university and industry researchers. In particular, it encourages papers that report on activities that have successfully connected fundamental and applied research with practical application. The journal thus publishes papers relating to both emerging research and to professional practice.
For more information about this journal please visit http://www.jrpit.com/

Keynote Speakers
- Eduardo B. Fernandez, Florida Atlantic University, U.S.A.
Brief Bio
Eduardo B. Fernandez (Eduardo Fernandez-Buglioni) is a professor in the Department of Computer Science and Engineering at Florida Atlantic University in Boca Raton, Florida. He has published numerous papers on authorization models, object-oriented analysis and design, and security patterns. He has written four books on these subjects, the most recent being a book on security patterns. He has lectured all over the world at both academic and industrial meetings. He has created and taught several graduate and undergraduate courses and industrial tutorials. His current interests include security patterns and web services security. He holds a MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. He is a Senior Member of the IEEE, and a Member of ACM. He is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others. More details can be found at http://www.cse.fau.edu/~ed

Important Dates
Paper Submission:  Deadline Expired
Author Notification:  Deadline Expired
Final Camera-Ready and Registration: Deadline Expired

Workshop Program Committee
Ernesto Damiani, Università degli Studi di Milano, Italy
Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Csilla Farkas, University of South Carolina, USA
Steven Furnell, University of Plymouth, UK
Christian Geuer-Pollmann, European Microsoft Innovation Center, Germany
Paolo Giorgini, University of Trento, Italy
Carlos Gutierrez, Correos Telecom,Spain
Michael Hafner, University of Innsbruck, Austria
Renato Iannella, National ICT (NICTA), Australia
Jan Jürjens, The Open University (GB), UK
Stamatis Karnouskos, SAP AG, Germany
Antonio Maña, University of Malaga, Spain
Haralambos Mouratidis, University of East London, Dagenham, England
Martin Olivier, University of Pretoria, South Africa
Günther Pernul, University of Regensburg, Germany
Mario Piattini, University of Castilla-La Mancha, Spain
Joachim Posegga, University of Hamburg, Germany
Torsten Priebe, Capgemini Consulting Osterreich AG, Austria
Indrajit Ray, Colorado State University, USA
Indrakshi Ray, Colorado State University, USA
Damien Sauveron, University of Limoges, France
Mikko Siponen, University of Oulu, Finland
Ambrosio Toval, University of Murcia, Spain
Rodolfo Villarroel, Universidad Católica del Maule, Chile
Duminda Wijesekera, University George Mason, USA

Workshop Location
The workshop will take place in conjunction with the 10th International Conference on Enterprise Information Systems (ICEIS 2008) in Barcelona - Spain.

Registration Information
At least one author of an accepted paper must register for the workshop. If the registration fees are not received by April 14, 2008, the paper will not be published in the proceedings. For registering go to http://www.iceis.org

Secretariat
ICEIS 2008 Secretariat - The Sixth International Workshop on Security In Information Systems (WOSIS-2008)
E-mail: workshops@iceis.org
Web site: http://www.iceis.org