This book constitutes the refereed proceedings of the 4th International Conference on Information Systems Security, ICISS 2008, held in Hyderabad, India, in December 2008. The 15 revised full papers, 4 short papers, and 2 research reports presented together with 4 keynote talks were carefully reviewed and selected from 81 submissions. The papers span a wide range of topics including access control, cryptography, forensics, formal methods and language-based security, intrusion detection, malware defense, network and Web security, operating system security, and privacy, and are organized in topical sections on languages and formal methods, protocols, ongoing research, intrusion detection, biometrics, forensics and steganography, and practical applications.