Management of Information Security


Track Chairs: Hannes Federrath, Universität Regensburg; Günter Müller, Universität Freiburg

Information systems used in critical infrastructures without built-in security functions are unthinkable today. Security means that protection goals are achieved in spite of malicious attacks and system failures. Typical security goals are confidentiality, integrity, accountability and availability. Security in information systems addresses both technical and organizational aspects. The technical functions of information security are typically realized by authentication mechanisms, access control and cryptographic mechanisms. Organizational functions concern global, corporation-wide aspects, e.g. human resources, personnel security, physical security and business continuity management. Organizations can now obtain a certificate confirming that both the technical and the organizational level of a company's security meet formal requirements, for instance ISO 17799. In this way, security becomes a strategic asset for a company.

Papers addressing any aspect of security in information systems are welcome.

Suggested topics:
 -  Security in critical infrastructures
 -  New security threats, attacks and weaknesses
 -  Practical experiences with security management standards
 -  Information security management systems
 -  Data protection, anonymity and unobservability in the Internet
 -  Digital Rights Management systems
 -  Public Key Infrastructures and digital signatures
 -  Trusted computing and its applications and implications
 -  Security of mobile devices and in mobile systems
 -  Smart card technology
 -  Mechanisms for identification, authentication and authorization