Obtaining a good degree of security in their Information Systems is one of the most pressing challenges facing all kind of organisations today. Although many companies have already discovered how critical information is to the success of their business operations, very few have managed to be effective in keeping their information safe, in avoiding unauthorised access, preventing intrusions, stopping secret information disclosure, etc. Nowadays, rapid technological advances are stimulating a greater use of information systems in organisations world-wide, which handle large quantities of data, managed by huge databases and datawarehouses. In addition, information systems quite frequently manage information that can be considered sensitive, since it is related to certain intimate or personal aspects of persons (beliefs, medical data, sexual tendencies, etc.) and which must be specially protected. Many organisations, including not only companies but also governments of several
countries, are now realising how security problems can affect both business success and citizen rights, and they are proposing security policies, security planning, personal data protection laws, etc. All of these, including technological, legislative, ethical and political factors, justifies the importance of secure information systems, and encourage us to research in new techniques, models and methodologies, which could aid designers developing and implanting safe information systems which both protect information and keep within the law. These facts, also, justifies the organization of WOSIS 2005. The aim of this workshop is to serve as a forum to gather academics, researchers, practitioners and students in the field of Security in Information Systems by presenting new developments, lessons learned from real world cases, and providing the exchange of ideas and discussion on specific areas. From this point of view, the WOSIS 2005 workshop has been a great success, but it would be naïve and pretentious to consider that this success has only been due to their organizers. This is not the case. The organizers of the ICEIS 2005, specially Vitor Pedrosa, Slimane Hammoudi and Olivier Camp have been very helpful and proactive. The invited speaker, Professor Ernesto Damiani, has contributed a lot to increment the attractiveness and prestige of the WOSIS, helping just by joining us to bring the number of received papers to an overall maximum. In these conditions, the review process has been specially difficult and long, (we have received 59 submissions, of which only 32 papers havebeen accepted) and it would have been hell if we had not the invaluable help of a very prestigious, competent and flexible Program Committee with the members we mention below. We should thank all of them. We should thank also all the authors who submitted papers to the Workshop, being them accepted or not. The quality was quite high and we must reject some papers of value. Additionally, the inclusion of a selection of some of the best papers of the Workshop in the “Security in Information Systems Special Collection” of the prestigious Journal of Research and Practice in Information Technology (JRPIT), has also contributed to increase the visibility and success of this year’s WOSIS. Thanks very much to Sidney Morris, the editor-in-chief of the journal, it was a pleasure to work with you. Finally, we would like to note that we will make our best to repeat this success next year.
Vol. 1 - 972-8865-25-2