This book constitutes the refereed proceedings of the Second International Conference on Information Systems Security, ICISS 2006, held in Kolkata, India in December 2006. The 20 revised full papers and five short papers presented together with four invited papers and three ongoing project summaries were carefully reviewed and selected from 79 submissions. The papers discuss in depth the current state of the research and practice in information systems security.

Invited Papers.- Privacy in the Electronic Society.- A Data Sharing Agreement Framework.- Password Exhaustion: Predicting the End of Password Usefulness.- Network Monitoring for Security and Forensics.- Data and Application Security.- Fairness Strategy for Multilevel Secure Concurrency Control Protocol.- Optimistic Anonymous Participation in Inter-organizational Workflow Instances.- O2O: Virtual Private Organizations to Manage Security Policy Interoperability.- Privacy Preserving Web-Based Email.- Access Control.- Context-Aware Provisional Access Control.- LRBAC: A Location-Aware Role-Based Access Control Model.- Extending Context Descriptions in Semantics-Aware Access Control.- Specification and Realization of Access Control in SPKI/SDSI.- Key Management and Security in Wireless Networks.- Design of Key Establishment Protocol Using One-Way Functions to Avert insider-replay Attack.- An Efficient Key Assignment Scheme for Access Control in a Hierarchy.- Adaptation of IEEE 802.1X for Secure Session Establishment Between Ethernet Peers.- Secure Data Management in Reactive Sensor Networks.- Threat Analysis, Detection and Recovery.- Security Ontology: Simulating Threats to Corporate Assets.- Two-Stage Credit Card Fraud Detection Using Sequence Alignment.- New Malicious Code Detection Using Variable Length n-grams.- A Dead-Lock Free Self-healing Algorithm for Distributed Transactional Processes.- Cryptography and Encryption.- An Efficient Public Key Cryptosystem Secure Against Chosen Ciphertext Attack.- A Partial Image Encryption Method with Pseudo Random Sequences.- High Capacity Lossless Data Hiding.- An Implementation and Evaluation of Online Disk Encryption for Windows Systems.- Short Papers and Research Reports.- Disclosure Risk in Dynamic Two-Dimensional Contingency Tables (Extended Abstract).- A Survey of Control-Flow Obfuscations.- Filtering Out Unfair Recommendations for Trust Model in Ubiquitous Environments.- Secure Itineraries Framework for Mobile Agent Systems.- Malafide Intension Based Detection of Privacy Violation in Information System.- Design and Development of Malafide Intension Based Privacy Violation Detection System (An Ongoing Research Report).- Towards a Formal Specification Method for Enterprise Information System Security.- Recent Research on Privacy Preserving Data Mining.