Security in information systems: Advances and new challenges

Information Systems Security is one of themost pressing challenges currently confronted by all kinds of organizations. Information systems undoubtedly play an important role in today's society and are increasingly at the heart of critical infrastructures. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, stopping intrusions, preventing the disclosure of secret information, etc. In any computer-related environment, it is possible to consider security as a non-functional requirement that maintains the overall system usable and reliable, and protects the information and information systems. There are various definitions of security, but all of them basically agree on the same components. Security in information systems considers the protection of information and the systems that manage it against a wide range of threats in order to ensure business continuity, minimize risks and maximize the return on investment and business opportunities. Security is, therefore, currently a widespread and growing concern that covers all areas of society: business, domestic, financial, government, and so on. In fact, the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical, such as air traffic control systems, financial systems or public health systems. The potential losses confronted by the businesses and organizations that rely on all of these systems, be they hardware or software, therefore signify that it is crucial for information systems to be properly secured from the outset. This Special Issue of the Computer Standards & Interfaces journal therefore includes papers received from the public call for papers and extended and improved versions of those papers that were selected from the best of the International Workshop on Security in Information Systems (WOSIS 2012). It aims to serve as a forum inwhich to unite academics, researchers, practitioners and students in the field of security engineering and security software engineering, by presenting new developments and lesson learned from real world cases, and to promote the exchange of ideas, discussion and development in these areas. This edition is the ninth in a serieswhich began inCiudadReal (Spain) in 2002, and which has continued, in chronological order, in Porto (Portugal), Paphos (Cyprus), Miami (USA), Funchal, Madeira (Portugal), Barcelona (Spain), Milan (Italy), Beijing (China) and Wroclaw (Poland). The workshop has gained a considerable reputation as a result of its relatively long history, and receives an annual average of almost fifty submissions, with an acceptance rate of approximately thirty five percent. Ourworkshop hasmatured throughout the years of its existence, and is now established as a forum for high quality research papers in the area of security in information systems. The most valuable assets of this workshop, which make it attractive to authors, are both the highly