"The dominant role of social networking in the web is turning human relations into conduits of information flow. This means that the way information spreads on the web is determined to a large extent by human decisions. Consequently, information security, confidentiality and integrity of shared data, relies on the quality of the collective decisions made by the users. Recently, many access control schemes have been proposed to control unauthorized propagation and modification of information in online systems; however, there is still a need for mechanisms to evaluate the risk of information leakage and unauthorized modifications within online systems. First, the thesis focuses on the confidentiality of information in online social networks. A novel community-centric confidentiality control mechanism for information flow management on the social web is presented. A Monte Carlo based algorithm is developed to determine the potential spread of a shared data object and to inform the user of the risk of information leakage associated with different sharing decisions she can make in a social network. The scheme also provides a facility to reduce information flowing to a specific user (i.e., black listing a specific user). Second the thesis focuses on the integrity of artifacts in crowdsourcing systems. A new approach for managing the integrity of contents created in crowdsourcing repositories named Social Integrity Management (SIM) is presented. SIM integrates two conflicting approaches to manage integrity in crowdsourcing systems: owner-centric and owner-free schemes. The ownership bottleneck is relaxed by including co-ownerships and having multiple versions. Finally, the thesis presents a thorough analysis of the Stack Exchange sites as an example of widely used crowdsourcing question answering systems. The dump datasets are used to analyze various user behaviors in crowdsourcing question answering systems by considering the effect of tagging, user reputation and user feedback. Observed characteristics from the studies are used in the modeling and evaluation of social integrity management." --

Confidentiality and Integrity in Crowdsourcing Systems focuses on identity, privacy, and security related issues in crowdsourcing systems and in particular the confidentiality and integrity of online data created via crowdsourcing. This book begins with an introduction to crowdsourcing and then covers the privacy and security challenges of Confidentiality. The book examines integrity in these systems and the management and control of crowdsourcing systems.

Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

IT Governance is finally getting the Board's and top management's attention. The value that IT needs to return and the associated risks that need to be managed, have become so important in many industries that enterprise survival depends on it. Information integrity is a significant part of the IT Governance challenge. Among other things, this conference will explore how Information Integrity contributes to the overall control and governance frameworks that enterprises need to put in place for IT to deliver business value and for corporate officers to be comfortable about the IT risks the enterprise faces. The goals for this international working conference are to find answers to the following questions: • what precisely do business managers need in order to have confidence in the integrity of their information systems and their data; • what is the status quo of research and development in this area; • where are the gaps between business needs on the one hand and research I development on the other; what needs to be done to bridge these gaps. The contributions have been divided in the following sections: • Refereed papers. These are papers that have been selected through a blind refereeing process by an international programme committee. • Invited papers. Well known experts present practice and research papers upon invitation by the programme committee. • Tutorial. Two papers describe the background, status quo and future development of CobiT as well as a case of an implementation of Co biT.

"Information Systems for Business and Beyond introduces the concept of information systems, their use in business, and the larger impact they are having on our world."--BC Campus website.

This is the first joint working conference between the IFIP Working Groups 11. 1 and 11. 5. We hope this joint conference will promote collaboration among researchers who focus on the security management issues and those who are interested in integrity and control of information systems. Indeed, as management at any level may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations in the same manner as they are for financial aspects of the enterprise, there is an increasing need for ensuring proper standards of integrity and control in information systems in order to ensure that data, software and, ultimately, the business processes are complete, adequate and valid for intended functionality and expectations of the owner (i. e. the user organization). As organizers, we would like to thank the members of the international program committee for their review work during the paper selection process. We would also like to thank the authors of the invited papers, who added valuable contribution to this first joint working conference. Paul Dowland X. Sean Wang December 2005 Contents Preface vii Session 1 - Security Standards Information Security Standards: Adoption Drivers (Invited Paper) 1 JEAN-NOEL EZINGEARD AND DAVID BIRCHALL Data Quality Dimensions for Information Systems Security: A Theorectical Exposition (Invited Paper) 21 GURVIRENDER TEJAY, GURPREET DHILLON, AND AMITA GOYAL CHIN From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) 41 C. FARKAS, V. GowADiA, A. JAIN, AND D.

The traditional view of information security includes the three cornerstones: confidentiality, integrity, and availability; however the author asserts authentication is the third keystone. As the field continues to grow in complexity, novices and professionals need a reliable reference that clearly outlines the essentials. Security without Obscurit