Security Standards -- Information Security Standards: Adoption Drivers (Invited Paper) -- Data Quality Dimensions for Information Systems Security: A Theoretical Exposition (Invited Paper) -- From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) -- Security Culture -- How Much Should We Pay for Security? (Invited Paper) -- Do Not Ship, or Receive, Trojan Horses -- Employee Security Perception in Cultivating Information Security Culture -- Access Management -- A Policy Framework for Access Management in Federated Information Sharing -- A Hierarchical Release Control Policy Framework -- Risk Management -- Managing Uncertainty in Security Risk Model Forecasts with RAPSA/MC -- The Mitigation of ICT Risks Using Emitl Tool: An Empirical Study -- Risk Communication, Risk Perception and Information Security -- A Holistic Risk Analysis Method for Identifying Information Security Risks -- Security Culture -- A Responsibility Framework for Information Security -- Information Security Governance - A Re-Definition -- Can We Tune Information Security Management Into Meeting Corporate Governance Needs? (Invited Paper) -- Security Management -- Measurement of Information Security in Processes and Products -- A Protection Profiles Approach to Risk Analysis for Small and Medium Enterprises -- A UML Approach in the ISMS Implementation -- Applications -- Attack Aware Integrity Control in Databases (Invited Abstract) -- Characteristics and Measures for Mobile-Masquerader Detection -- A Distributed Service Registry for Resource Sharing Among Ad-Hoc Dynamic Coalitions -- Access Management -- A Trust-Based Model for Information Integrity in Open Systems -- Scalable Access Policy Administration (Invited Paper) -- Semantic Information Infrastructure Protection (Invited Abstract).