Security Management, Integrity, and Internal Control in Information Systems

This is the first joint working conference between the IFIP Working Groups 11. 1 and 11. 5. We hope this joint conference will promote collaboration among researchers who focus on the security management issues and those who are interested in integrity and control of information systems. Indeed, as management at any level may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations in the same manner as they are for financial aspects of the enterprise, there is an increasing need for ensuring proper standards of integrity and control in information systems in order to ensure that data, software and, ultimately, the business processes are complete, adequate and valid for intended functionality and expectations of the owner (i. e. the user organization). As organizers, we would like to thank the members of the international program committee for their review work during the paper selection process. We would also like to thank the authors of the invited papers, who added valuable contribution to this first joint working conference. Paul Dowland X. Sean Wang December 2005 Contents Preface vii Session 1 - Security Standards Information Security Standards: Adoption Drivers (Invited Paper) 1 JEAN-NOEL EZINGEARD AND DAVID BIRCHALL Data Quality Dimensions for Information Systems Security: A Theorectical Exposition (Invited Paper) 21 GURVIRENDER TEJAY, GURPREET DHILLON, AND AMITA GOYAL CHIN From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) 41 C. FARKAS, V. GowADiA, A. JAIN, AND D.

The proceedings from the IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems address the increasing need for ensuring proper standards of integrity and control in information systems in an organizational context. The aim of this research is to guarantee that data, software, and the business processes are complete, adequate, and valid for the intended functionality and expectations of the owner (i.e. the user organization).

Security Standards.- Information Security Standards: Adoption Drivers (Invited Paper).- Data Quality Dimensions for Information Systems Security: A Theoretical Exposition (Invited Paper).- From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper).- Security Culture.- How Much Should We Pay for Security? (Invited Paper).- Do Not Ship, or Receive, Trojan Horses.- Employee Security Perception in Cultivating Information Security Culture.- Access Management.- A Policy Framework for Access Management in Federated Information Sharing.- A Hierarchical Release Control Policy Framework.- Risk Management.- Managing Uncertainty in Security Risk Model Forecasts with RAPSA/MC.- The Mitigation of ICT Risks Using Emitl Tool: An Empirical Study.- Risk Communication, Risk Perception and Information Security.- A Holistic Risk Analysis Method for Identifying Information Security Risks.- Security Culture.- A Responsibility Framework for Information Security.- Information Security Governance - A Re-Definition.- Can We Tune Information Security Management Into Meeting Corporate Governance Needs? (Invited Paper).- Security Management.- Measurement of Information Security in Processes and Products.- A Protection Profiles Approach to Risk Analysis for Small and Medium Enterprises.- A UML Approach in the ISMS Implementation.- Applications.- Attack Aware Integrity Control in Databases (Invited Abstract).- Characteristics and Measures for Mobile-Masquerader Detection.- A Distributed Service Registry for Resource Sharing Among Ad-Hoc Dynamic Coalitions.- Access Management.- A Trust-Based Model for Information Integrity in Open Systems.- Scalable Access Policy Administration (Invited Paper).- Semantic Information Infrastructure Protection (Invited Abstract).