IFIP TC 11 Working Group 1 - Information Security Management

Welcome

Welcome to the website of IFIP TC 11 Working Group 1 - Information Security Management.

The aims and scopes of the WG are described within the site. These values and goals we promote within our Working Group Conferences in order to promote Information Security Management in a truly international context. Our Working Group includes welcomes participation from industry and academia from all over the world.

Regards,

Professor Karin Hedström
Chair of IFIP WG11.1

Working Group Officers

Karin Hedström

Chair
Örebro University, Sweden
E-mail: karin.hedstrom@oru.se

Dan Kim

Vice-Chair
The University of Queensland, Australia
E-mail: dan.kim@uq.edu.au

Paul Haskell-Dowland

Secretary
Edith Cowan University, Australia
E-mail: p.haskelldowland@ecu.edu.au

Working Group Members

Australia	Paul Haskell-Dowland, Edith Cowan University Dan Kim, University of Queensland Sean Maynard, University of Melbourne Malcolm Pattinson, University of Adelaide Matthew Warren, RMIT University
Austria	Stefan Fenz, Vienna University of Technology Florian Skopik, AIT - Austrian Institute of Technology Simon Tjoa, St. Pölten University of Applied Sciences
Colombia	Jeimy J. Cano M., Universidad de los Andes
Finland	Teemupekka Virtanen, Ministry of Social Affairs and Health
France	Brahim Hamid, IRIT, University of Toulouse
Germany	Wolfgang Boehmer, Technische Universitaet Darmstadt Christopher Schmitz, Goethe-Universität, Frankfurt
Greece	Dimitrios Michalopoulos, Hellenic Electricity Distribution Network Operator S.A. (HENDO)
India	Mukhopadhyay Arunabha, Indian Institute of Management Lucknow Roshaan Narkedayy, University of Pune Ramesh Ramamoorthy, Chennai Institute of Technology Abhishek Shukla, R.D. Engineering College
Malaysia	Lam Wai Leong, SBIT Hamed Taherdoost, Hamta Group Omar Zakaria, National Defence University of Malaysia
Mexico	Jorge A. Ruiz-Vanoye, Universidad Autónoma del Estado de Hidalgo
Poland	Andrzej Bialas, Institute of Innovative Technologies EMAG
Portugal	Henrique Santos, University of Minho
South Africa	Reinhardt Botha, Nelson Mandela University Rossouw von Solms, Nelson Mandela University Kerry-Lynn Thomson, Nelson Mandela University
Spain	Alvaro Arenas, IE University
Sweden	Rose-Mharie Åhlfeldt, University of Skövde Karin Hedström, Örebro University Frederick Karlsson, Örebro University Ella Kolkowska, Örebro University Elham Rostami (Associate), Örebro University
Switzerland	Stephanie Teufel, University of Fribourg/iimt
Ukraine	Sergii Kavun, Kharkiv University of Technology "STEP"
United Kingdom	Mohammad Alshammari (Associate), Hull University Business School Dionysios Demetis, Hull University Business School Jean-Noel Ezingeard, Manchester Metropolitan University Steven Furnell, University of Plymouth Karen Renaud, University of Strathclyde Neetesh Saxena, Cardiff University
United States of America	Mohamed Abdelhamid, California State University Gurpreet Dhillon, University of North Carolina at Greensboro Murray Jennex, San Diego State University Juan Lopez, Jr, Oak Ridge National Laboratory Spyridon Samonas, Panasonic Avionics Corporation Gurvirender Tejay, St. Thomas University

Charter

WG11.1 - Information Security Management est. 1985, revised 1992, reconfirmed 2006

Aims

As management, at any level, may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organisations in the same manner as they are for financial aspects of the enterprise, the Working Group will promote all aspects related to the Management of Information Security.

These aspects cover a wide range, from purely managerial aspects concerning Information Security, (like upper management awareness and responsibility for establishing and maintaining the necessary policy documents), to more technical aspects (like risk analysis, disaster recovery and other technical tools) to support the Information Security management process.

Scope

to study and promote methods to make senior business management aware of the value of information as a corporate asset, and to get their commitment to implementing and maintaining the necessary objectives and policies to protect these assets;
to study and promote methods and ways to measure and assess the security level in a company and to convey these measures and assessments to management in an understandable way;
to research and develop new ways to identify the Information Security threats and vulnerabilities which every organisation must face;
to research and identify the effect of new and changed facilities and functions in new hardware and software on the management of Information Security;
to study and develop means and ways to help information security managers to assess their effectiveness and degree of control;
to address the problem of standards for Information Security.

Statement Of Case

There is a growing trend for senior business management to be held answerable for the reliable and secure operation of their information systems, as they are for control of their financial aspects. Information Security is, and should always be, upper management responsibility. Information security professionals and WG 11.1 in particular, should therefore be responsible for the development of all types of tools, mechanisms and methods to support top management in this new responsibility.

Events

Workshop on Information Security and Privacy (WISP) 2016, 10 Dec 2016, Dublin, Ireland. Jointly held with AIS SIGSEC meeting.
IFIP TC11.1 Workshop, 29-31 March 2016, Las Vegas, USA. As part of the 15th Annual Security Conference
IFIP TC11.1 Workshop as part of the IFIP SEC 2015 Conference, 29 May 2015, Hamburg, Germany
IFIP TC11.1 Workshop as part of the 13th Annual Security Conference, 21-23 May 2014, Las Vegas, USA
CyberSecurity Workshop, 21 March 2012, Abu Dhabi, UAE
12th Annual Workshop on Information Security Management as part of the South African Information Security Multi-Conference, 17-18 May 2010, Port Elizabeth, South Africa
WG11.1/WG11.8 Panel: Common Bodies of Knowledge (CBKs) and Security Certifications - do they meet the need? as part of the 24th IFIP International Information Security Conference, 20 May 2009, Paphos, Cyprus
11th Annual Working Conference on Information Security Management, 16-17 October 2008, Richmond, USA
IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on "Fostering knowledge and skills for manageable information security" (as part of Sec2007), 14-16 May 2007, Sandton, South Africa
IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on Security Culture (as part of Sec2006), 22 May 2006, Karlstad, Sweden
IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems, 1-2 December 2005, Fairfax, Virginia, USA