This book presents the most interesting talks given at ISSE 2009 the forum for the inter-disciplinary discussion of how to adequately secure electronic business processes.
The topics include:
- Economics of Security and Identity Management
- Security Services and Large Scale Public Applications
- Privacy and Data Protection and Awareness Raising
- Standards and Technical Solutions
- Secure Software, Trust and Assurance
Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE 2009.

Norbert Pohlmann: Professor for System and Information Security at the University of Applied Sciences in Gelsenkirchen
Helmut Reimer: Senior Consultant, TeleTrusT
Wolfgang Schneider: Deputy Institute Director, Fraunhofer Institute SIT

Microsoft Sponsoring Contribution.- Claims and Identity: On-Premise and Cloud Solutions.- Economics of Security and Identity Management.- Measuring Information Security: Guidelines to Build Metrics.- Demystifying SAP security.- The ISACA Business Model for Information Security: An Integrative and Innovative Approach.- ICT Systems Contributing to European Secure-by-Design Critical Infrastructures.- ROI, Pitfalls and Best Practices with an Enterprise Smart Card Deployment.- A General Quality Classification System for eIDs and e-Signatures.- Second Wave of Biometric ID-documents in Europe: The Residence Permit for non-EU/EEA Nationals.- Security Services and Large Scale Public Applications.- User and Access Management in Belgian e-Government.- PKI Crawling Out of the Grave& Into the Arms of Government.- Entitlement Management: Ready to Enter the IdM Mainstream.- Secure E-Mail Communication across Company Boundaries Experiences and Architectures.- Voice Biometrics as a Way to Self-service Password Reset.- Security Requirements Specification in Process-aware Information Systems.- Privacy, Data Protection and Awareness.- Simple& Secure: Attitude and behaviour towards security and usability in internet products and services at home.- Social Engineering hits Social Commerce.- How to Establish Security Awareness in Schools.- Privacy and Security a Way to Manage the Dilemma.- Relative Anonymity: Measuring Degrees of Anonymity in Diverse Computing Environment.- User Privacy in RFID Networks.- Web Sessions Anomaly Detection in Dynamic Environments.- Standards and technical Solutions.- KryptoNAS: Open source based NAS encryption.- Secure Network Zones.- ETSI Specifications for Registered E-Mail REM.- Acceptance of Trust Domains in IT-Infrastructures.- Proposal for an ITSecurity Standard for Preventing Tax Fraud in Cash Registers.- The Operational Manager Enemy or Hero of Secure Business Practice?.- Secure Software, Trust and Assurance.- A Structured Approach to Software Security.- Using Compilers to Enhance Cryptographic Product Development.- Why Secure Coding is not Enough: Professionals Perspective.- Proactive Security Testing and Fuzzing.- Protecting Long Term Validity of PDF documents with PAdES-LTV.- RE-TRUST: Trustworthy Execution of SW on Remote Untrusted Platforms.- Future of Assurance: Ensuring that a System is Trustworthy.- A Taxonomy of Cryptographic Techniques for Securing Electronic Identity Documents.