This book represents the proceedings of the 11th Working Conference on Information Security Management, organised by IFIP TC-11 Working Group 11.1 (Information Security Management), which was held in Richmond, Virginia on 16-17 October 2008. A total of 9 papers are included, each of which was subject to double-blind review by at least two members of the International Programme Committee.