The Eighth Annual Working Conference of Information Security Management and Small Systems Security, jointly presented by WG11.1 and WG11.2 of the International Federation for Information Processing (IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) information security methods, methodologies and techniques, information security management issues, risk analysis, managing information security within electronic commerce, computer crime and intrusion detection. We are fortunate to have attracted two highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on electronic commerce, security strategies, documentation and many more. All papers presented at this conference were reviewed by a minimum of two international reviewers. We wish to express our gratitude to all authors of papers and the international referee board. We would also like to express our appreciation to the organising committee, chaired by Gurpreet Dhillon, for all their inputs and arrangements. Finally, we would like to thank Les Labuschagne and Hein Venter for their contributions in compiling this proceeding for WG11.1 and WG 11.2.

Reviewed papers.- Web Assurance.- A Model and Implementation Guidelines for Information Security Strategies in Web Environments.- A Three-dimensional Framework for Security Implementation in Mobile Environments.- Maintaining Integrity Within Mobile Self Protecting Objects.- Building on Solid Foundations.- Using GYPSIE, GYNGER and Visual GNY to Analyze Cryptographic Protocols in Spear II.- Security Vulnerabilities and System Intrusions.- A New Paradigm for Adding Security into is Development Methods.- Using Soft Systems Methodology to Facilitate the Development of a Computer Security Teaching Module.- Security Documentation.- Transaction Based Risk analysis - Using Cognitive Fuzzy Techniques.- A Security Method for Healthcare Organisations.- Interpreting Computer-related Crime at the Malaria Research Center.- Intrusion Detection Systems: Possibilities for the Future.- Implementing Information Security Management Systems.