Workshop Program

Co-Chairs
Dr. Mariemma Yagüe
University of Málaga
Spain
yague@lcc.uma.es

Dr. Eduardo Fernández-Medina
University of Castilla-La Mancha
Spain
Eduardo.FdezMedina@uclm.es

Background and Goals
Information Systems Security is one of the most pressing challenges facing all kind of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in keeping their information safe, in avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc.
Nowadays, rapid technological advances are stimulating a greater use of information systems in organizations world-wide, which handle large quantities of data, managed by huge databases and datawarehouses. In addition, information systems quite frequently manage information that can be considered sensitive, since it is related to certain intimate or personal aspects of persons (beliefs, medical data, sexual tendencies, etc.) and which must be specially protected.
Many organizations, including not only companies but also governments of several countries, are now realizing how security problems can affect both business success and citizen rights, and they are proposing security policies, security planning, personal data protection laws, etc.
All of these, including technological, legislative, ethical and political factors, justifies the importance of secure information systems, and encourage us to research in new techniques, models and methodologies, which could aid designers developing and implanting safe information systems which both protect information and keep within the law.
In some sense, standards are always present in many security areas: Cryptographic protocols are standardized, and web services security are based on standard specifications; Biometric security needs different standards, and risk management can be performed following standards. In fact, there are many people working in security standards development, and many other people are working in using, adapting, extending and redefining these standards.
In this new edition of WOSIS, the traditional information systems security will be maintained but taking into account standards in the field and we will add some general topics concerning the standardisation process, or their impact on the marketplace. Our objective is WOSIS 2007 will present new developments, lessons learned from real world cases, and would provide the exchange of ideas and discussion on all the expert areas CS&I.

Topics of interest
Topics of interest include, but are not restricted to:

• Standards for Security
• Security for Grid computing
• Web Services Security
• Security for Mobile Computing
• Security for Electronic Commerce and Electronic Business
• Security for Databases and Data Warehouses
• Business Process Security
• Metrics for Security
• Biometric Security
• Network Security
• Security Requirements Engineering
• Digital Rights Management (DRM). Mobile DRM.
• Access Control and Rights Expression Languages.
• Security & Trust Models
• Semantic Web Technologies applied to Security.
• Authentication and Authorization.
• E-Commerce
• E-Health, E-Voting, E-government
• Cyber terrorism
• Intellectual Property Protection
• Anonymity and Privacy
• Cryptology: Cryptography and Cryptanalysis
• Information hiding: Steganography & Steganalysis

Submission of Papers
We encourage submission of high quality papers to this new edition of the Security in Information Systems Workshop. Authors of accepted papers must guarantee that their works will be presented at the Workshop by one of the co-authors. Only full papers in English will be accepted. The length of the paper should not exceed 10 pages (5000 words). Instructions for preparing the manuscript (in Word and Latex format) are available at the ICEIS web site. Postscript/RTF versions of the manuscript should be submitted through ICEIS web-based paper submission procedure. The proceedings of the workshop will be published in the form of a book (with ISBN) by ICEIS.
Additionally, best works will have the chance to publish extended and revised versions in the internationally refereed Computer Standards & Interfaces Journal, which is well ranked in the ISI Journal Citation Reports.

Computer Standards & Interfaces Journal, an ISI ranked Publication
The Workshop interest is on high quality, innovative and unpublished research on Security in Information Systems. A selection of best works will be made in order to include extended and revised versions of these works in this journal, which is published by Elsevier and listed in ISI (impact factor of 0.62 in 2005).
The journal provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels, it publishes critical comments on standards and standards activities, it disseminates user's experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods, it offers a forum for discussion on actual projects, standards, interfaces and methods by recognized experts, and it stimulates relevant research by providing a specialized refereed medium.

COMPUTER STANDARDS & INTERFACES is concerned with the specification, development and application of standards and with high-level publications of developments and methods in the following areas:
• Standards, Information Management, Formal Methods
• Software Quality, Software Process
• Distributed Systems, Open Systems, E-Topics
• Data Acquisition
• Digital Instruments Standardisation
For more information about this journal please visit http://www.elsevier.com/wps/find/journaldescription.cws_home/505607/description#description

Keynote Speakers
Ruth Breu - University at Innsbruck, Austria

Brief Bio
Ruth Breu is head of the research group Quality Engineering at the University of Innsbruck since 2002. QE works on the foundation of innovative application scenarios of models with a focus on security engineering, IT-governance and model-driven software development. With SECTET Ruth Breu and her team developed a high-level security infrastructure for B2B-workflows in the context of web service technology. ProSecO is a framework for business oriented assessment of security risks. The group works in close cooperation with industrial partners like Telekom Austria, Swiss Re and Siemens and has generated two spin-off companies in the field of information security
Talk: Model-Driven Approaches to Security
Managing and enforcing security requirements in the large are the predominant challenges to the upcoming generation of networked open applications. While research on information security in the past has mainly produced sophisticated techniques, protocols and standards at technical level, the establishment of security engineering as a discipline of systematically developing secure solutions now requires increased attention.
Security engineering includes aspects like the elicitation of security requirements in early phases of software development, the development of secure solutions at high level of abstraction and systematic security testing. The talk gives an overview of aspects of security engineering and focuses on the effective use of models within the development of security-critical distributed applications.

Important Dates
Paper Submission: March 5, 2007
Author Notification: April 10, 2007
Final Camera-Ready and Registration: April 20, 2007

Workshop Program Committee
Sabrina De Capitani di Vimercati. Università degli Studi di Milano. Italy
Ernesto Damiani. Università degli Studi di Milano. Italy
Csilla Farkas. University of South Carolina. USA
Eduardo B. Fernández. Florida Atlantic University. USA
Steven Furnell. University of Plymouth. UK
Christian Geuer-Pollmann. European Microsoft Innovation Center. Germany
Paolo Giorgini. University of Trento. Italy
Ehud Gudes. Ben-Gurion Univerity. Israel
Haralambos Mouratidis. University of East London, Dagenham, England
Jan Jürjens. TU Munich. Germany
Stamatis Karnouskos. SAP AG. Germany
Antonio Maña. University of Malaga. Spain.
Martin Olivier. University of Pretoria. South Africa
Brajendra Panda. University of Arkansas. USA
Günther Pernul. University of Regensburg. Germany
Mario Piattini. University of Castilla-La Mancha. Spain
Joachim Posegga. University of Hamburg.
Indrajit Ray. Colorado State University. USA
Indrakshi Ray. Colorado State University. USA
Damian Sauveron. University of Limoges. France
Ambrosio Toval. University of Murcia. Spain
Duminda Wijesekera. University George Mason. USA

Workshop Location
The workshop will take place in conjunction with the 9th International Conference on Enterprise Information Systems (ICEIS 2007) in Funchal, Madeira - Portugal.

Registration Information
At least one author of an accepted paper must register for the workshop. If the registration fees are not received by April 9, 2007, the paper will not be published in the proceedings. For registering go to http://www.iceis.org

Secretariat
ICEIS 2007 Secretariat - The Fifth International Workshop on Security In Information Systems (WOSIS -2007)
E-mail: workshops@iceis.org
Web site: http://www.iceis.org