Integrity and Internal Control in Information Systems is a state-of-the-art book that establishes the basis for an ongoing dialogue between the IT security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future. Building on the issues presented in the preceding volume of this series, this book seeks further answers to the following questions: What precisely do business managers need in order to have confidence in the integrity of their information systems and their data? What is the status quo of research and development in this area? Where are the gaps between business needs on the one hand and research/development on the other; what needs to be done to bridge these gaps? Integrity and Internal Control in Information Systems contains the selected proceedings of the Second Working Conference on Integrity and Internal Control in Information Systems, sponsored by the International Federation for Information Processing (IFIP) and held in Warrenton, Virginia, USA, in November 1998. It will be essential reading for academics and practitioners in computer science, information technology, business informatics, accountancy and edp-auditing.

This publication is a collection of papers from the Third International Working Conference of IFIP TC-11 Working group 11.5 on "Integrity and Internal Control in Information systems". IFIP TC-11 Working Group 11.5 explores the area of integrity within information systems and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support the corporate governance codes. We want to recommend this book to security specialists, IT auditors and researchers who want to learn more about the business concerns related to integrity. Those same security specialists, IT auditors and researchers will also value this book for the papers presenting research into new techniques and methods for obtaining the desired level of integrity. The third conference represents a continuation of the dialogue between information security specialists, internal control specialists and the business community. The conference objectives are: * To present methods and techniques that will help business achieve the desired level of integrity in information systems and data; * To present the results of research that may in future be used to increase the level of integrity or help management maintain the desired level of integrity; * To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.

IT Governance is finally getting the Board's and top management's attention. The value that IT needs to return and the associated risks that need to be managed, have become so important in many industries that enterprise survival depends on it. Information integrity is a significant part of the IT Governance challenge. Among other things, this conference will explore how Information Integrity contributes to the overall control and governance frameworks that enterprises need to put in place for IT to deliver business value and for corporate officers to be comfortable about the IT risks the enterprise faces. The goals for this international working conference are to find answers to the following questions: * what precisely do business managers need in order to have confidence in the integrity of their information systems and their data; * what is the status quo of research and development in this area; * where are the gaps between business needs on the one hand and research I development on the other; what needs to be done to bridge these gaps. The contributions have been divided in the following sections: * Refereed papers. These are papers that have been selected through a blind refereeing process by an international programme committee. * Invited papers. Well known experts present practice and research papers upon invitation by the programme committee. * Tutorial. Two papers describe the background, status quo and future development of CobiT as well as a case of an implementation of Co biT.

Dear readers, Although it is well-known that confidentiality, integrity and availability are high level objectives of information security, much of the attention in the security arena has been devoted to the confidentiality and availability aspects of security. IFIP TC-ll Working Group 11. 5 has been charged with exploring the area of the integrity objective within information security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support the corporate governance codes. In this collection you will not only find the papers that have been presented during the first working conference dedicated to the subject (section A) but also some of the papers that have formed the basis for the current activities of this working group (section B). Finally some information about IFIP TC-ll and its working groups is included (section C). This first working conference is the start for an ongoing dialog between the information security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future."

IT Governance is finally getting the Board's and top management's attention. The value that IT needs to return and the associated risks that need to be managed, have become so important in many industries that enterprise survival depends on it. Information integrity is a significant part of the IT Governance challenge. Among other things, this conference will explore how Information Integrity contributes to the overall control and governance frameworks that enterprises need to put in place for IT to deliver business value and for corporate officers to be comfortable about the IT risks the enterprise faces. The goals for this international working conference are to find answers to the following questions: * what precisely do business managers need in order to have confidence in the integrity of their information systems and their data; * what is the status quo of research and development in this area; * where are the gaps between business needs on the one hand and research I development on the other; what needs to be done to bridge these gaps. The contributions have been divided in the following sections: * Refereed papers. These are papers that have been selected through a blind refereeing process by an international programme committee. * Invited papers. Well known experts present practice and research papers upon invitation by the programme committee. * Tutorial. Two papers describe the background, status quo and future development of CobiT as well as a case of an implementation of Co biT.

This publication is a collection of papers from the Third International Working Conference of IFIP TC-11 Working group 11.5 on "Integrity and Internal Control in Information systems". IFIP TC-11 Working Group 11.5 explores the area of integrity within information systems and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support the corporate governance codes. We want to recommend this book to security specialists, IT auditors and researchers who want to learn more about the business concerns related to integrity. Those same security specialists, IT auditors and researchers will also value this book for the papers presenting research into new techniques and methods for obtaining the desired level of integrity. The third conference represents a continuation of the dialogue between information security specialists, internal control specialists and the business community. The conference objectives are: * To present methods and techniques that will help business achieve the desired level of integrity in information systems and data; * To present the results of research that may in future be used to increase the level of integrity or help management maintain the desired level of integrity; * To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.

Dear readers, Although it is well-known that confidentiality, integrity and availability are high level objectives of information security, much of the attention in the security arena has been devoted to the confidentiality and availability aspects of security. IFIP TC-ll Working Group 11. 5 has been charged with exploring the area of the integrity objective within information security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support the corporate governance codes. In this collection you will not only find the papers that have been presented during the first working conference dedicated to the subject (section A) but also some of the papers that have formed the basis for the current activities of this working group (section B). Finally some information about IFIP TC-ll and its working groups is included (section C). This first working conference is the start for an ongoing dialog between the information security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future.

Integrity and Internal Control in Information Systems is a state-of-the-art book that establishes the basis for an ongoing dialogue between the IT security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future. Building on the issues presented in the preceding volume of this series, this book seeks further answers to the following questions: What precisely do business managers need in order to have confidence in the integrity of their information systems and their data? What is the status quo of research and development in this area? Where are the gaps between business needs on the one hand and research/development on the other; what needs to be done to bridge these gaps? Integrity and Internal Control in Information Systems contains the selected proceedings of the Second Working Conference on Integrity and Internal Control in Information Systems, sponsored by the International Federation for Information Processing (IFIP) and held in Warrenton, Virginia, USA, in November 1998. It will be essential reading for academics and practitioners in computer science, information technology, business informatics, accountancy and edp-auditing.