The 7th Annual Working Conference of ISMSSS (lnformation Security Management and Small Systems Security), jointly presented by WG 11.1 and WG 11.2 of the International Federation for Information Processing {IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) secure techniques for smart card technology, information security management issues, risk analysis, intranets, electronic commerce protocols, certification and accreditation and biometrics authentication. W e are fortunate to have attracted at least six highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on secure smart card systems, the role of BS7799 in certification, electronic commerce and smart cards, iris biometrics and many more. AH papers presented at this conference were reviewed by a minimum of two international reviewers. W e wish to express our gratitude to all authors of papers and the international referee board. W e would also like to express our appreciation to the organising committee, chaired by Leon Strous, for aU their inputs and arrangements.

one - Reviewed papers.- 1. A protocol improvement for High-bandwidth encryption using non-encrypting Smart Cards.- 2. Real-time Risk Analysis on the Internet: a prototype.- 3. A practical approach to manage data communication security.- 4. The Future of Australian & New Zealand Security Standard AS/NZS 4444?.- 5. The Effective Utilization of Audit Logs in Information Security Management.- 6. An approach to standardizing security analysis methods for virtual systems.- 7. Information Security at Top Level - Securometer® streamlines management information.- 8. Risk analysis on Internet connection.- 9. A Secure Station for Network Monitoring and Control.- 10. Security aspects of a Java-servlet-based web-hosted e-mail system.- 11. Time as an Aid to Improving Security in Smart Cards.- 12. The Intranet Authorization Paradigm.- 13. Predicting the Performance of Transactional Electronic Commerce Protocols.- two - Invited papers.- 14. The Cyber-Posture of the National Information Infrastructure.- 15. Principles of Iris Recognition.- 16. Designing a Secure System for Implementing Chip Cards in the Financial Services Industry.- 17. New models for the management of public key infrastructure and root certification authorities.- 18. A Secure Electronic Commerce Environment: Only with "Smart Cards".- Index of contributors.