ISSE 2005 — Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2005 Conference
Editors: Sachar Paulus, Norbert Pohlmann, Helmut Reimer
Springer Science & Business Media, 27 September 2005, 448 pages

ENISA is proud to be working with eema, TeleTrusT, the Hungarian Ministry of Informatics and Communications and the German Federal Ministry of Technology and Economics for this year's 7th annual Information Security Solutions Europe Conference. The aim of ISSE has always been to support the development of a European information security culture and especially a cross-border framework for trustworthy IT applications for citizens, industry and administration. ENISA is committed to these goals in our work to assist and advise the European Commission, Member States and the business community on network and information security and on legislative requirements.

The security of communication networks and information systems is of increasing concern. In order to face today's complex information security challenges, it is clear that working collaboratively with one another is the key to generating new strategies to address these problems. It has been an exciting opportunity to facilitate this collaboration at ISSE 2005 and to pull together the wealth of industry knowledge, information and research that we hold in Europe and across the globe. The success of this event in generating ideas and frank, lively debate around the complex topic of IT security is due also to the independent, varied nature of the programme, which was selected by worldwide industry specialists. Some of the key topics explored at this year's conference have been chosen as the basis for this book, which is an invaluable reference point for anyone involved in the IT security industry.
Contents (entries ordered by page number; some chapter titles are truncated in the source listing)

A Progress Report (Gerry Gebel) | 3
Identity Federation: Introduction, Value, Evolution | 10
Pseudonymous Authentication and Authorization enhancing ubiquitous Identity Management | 21
Case Study | 30
OATH, OTPS and EMV-CAP | 39
Security Scheme for ad-hoc Networks | 52
An electronic Signature Infrastructure for mobile Devices | 62
Co-sourcing Remote Management of Mobile Security: The Missing Link | 74
Aspect-Oriented Security for Web Applications | 83
Combined Trusted Platform Modules and Smart Card Solutions | 92
Understanding and Leveraging the Trusted Platform Module | 98
The Regulatory Framework for Trusted Time Services in Europe | 107
Sharing Resources through Communities of Interest | 120
Applications | 135
Addressing Regulatory Compliance and Governance Needs | 137
A Transatlantic Discussion | 149
The EU legal Framework | 161
A difficult Marriage? | 169
Legal Aspects of Security in eContracting with Electronic Agents | 179
Managing the Legal Risk in Providing Online Quality Certification Services in the EU | 189
Dutch Court Organization | 201
Experiences and Lessons Learned | 210
an Example | 220
The Italian Innovative Approach to ICT Security Certification (ISO 15408) | 229
Secure USB Media: Considerations for a Common Criteria Protection Profile | 234
How to dematerialize tendering to RFPs and tender opening Processes? | 242
Air Traffic Management Case Study | 251
Statement Submission | 260
Concept of supporting advanced Patient Rights by the German Health Card | 268
The Future of Smart Cards | 274
The European Digital Passport: Assessing the Technological Impact on the Border Management Process | 282
Spoofing Scams expose Security Loopholes | 289
Standards and Projects for enabling secure eHealth Interoperability in Europe | 301
Security Management | 311
Using ISO 17799, COBIT and ITIL for solving Compliance Issues | 313
Using GIS Tools to assess the Vulnerability of the Internet | 324
Real-Time Productivity Gains, Real-Time Risk Management | 335
Integration of Management Systems | 345
A Return on Security Investment Model for large Enterprises | 350
Assessing the Economics of Electronic Security | 360
Strategic Research Agenda for Security and Dependability in R&D | 370
Electronic Certificates: Results of the IDABC Bridge/Gateway Certification Authority Pilot Project | 381
Path Validation Conformance Testing | 389
Usable Cryptography in German eGovernment | 401
Modelling and Securing European Justice Workflows | 412
Protocols and Requirements | 422
A Usable Security Paradigm for Information Asset Protection | 432