Integrating Security Design into Information Systems Development
There are numerous methods for designing information systems (IS) and for designing security into an IS, including rapid application development, checklists, threat analysis and security development methods. However, these methods are not integrated into an overall design methodology that can be used to ensure security requirements are identified and then implemented. Siponen and Baskerville (2001) attempted to resolve this by proposing a security design paradigm that relied on meta-notation to abstract and document integrated security requirements into IS development methods. However, this paradigm has not been widely adopted.
KeywordsInformation System Security Policy Security Requirement Information System Development Security Design
Unable to display preview. Download preview PDF.
- Allen, J. H., Mikoski Jr., E. F., Nixon, K. M., and Skillman, D. L., 2002, Common sense guide for senior managers: top ten recommended information security practices, in: Internet Security Alliance, Edition.Google Scholar
- Bass, T. and Robichaux, R., 2002, Defense in depth revisited: qualitative risk analysis methodology for complex network-centric operations, http://www.silkroad.com/papers/pdf/archives/defense-in-depthrevisited-original.pdf.
- Computer Security Institute, 2002 CSI/FBI computer crime and security survey, Computer Security Issues and Trends, 8 (1).Google Scholar
- Courtney, R., 1997, Security Risk Assessment in Electronic Data Processing, AF1PS Proceedings of the National Computer Conference 46, 97–104.Google Scholar
- Crowe, D., 1990, Root Cause Training Course for Catawba Nuclear Station, General Physics Corporation.Google Scholar
- Fisher, R., 1984, Information Systems Security, Prentice-Hall, Englewood Cliffs, NJ.Google Scholar
- Haddon Jr., W., 1973, Energy damage and the ten countermeasure strategies, Human Factors Journal, 15.Google Scholar
- Hartman, S., 2001, Securing E-Commerce: an overview of defense in-depth, http://www.sans.org/restart/sec_ecom.php.
- Hollnagel, E., 1999, Accident analysis and barrier functions, http://www.hai.uu.se/projects/train/papers/accidentanalysis.pdf.
- Jennex, M.E., “Security Design”, System Design Lecture, IDS 697, San Diego State University, 4/21/03.Google Scholar
- Jennex, M.E. and Walters, A., 2003, A comparison of knowledge requirements for operating hacker and security tools, The Security Conference, Information Institute.Google Scholar
- Lee, Y., Lee, Z., and Lee, C. K., 2002, A study of integrating the security engineering process into the software lifecycle process standard (IEEE/EIA 12207), 6th Americas Conference on Information Systems, AMCIS, 451–457.Google Scholar
- Pfleeger, C. P. and Pfleeger, S. L., 2003. Security in Computing, 3d Edition, Prentice-Hall, Upper Saddle River, NJ.Google Scholar
- Siponen, M. and Baskerville, R., 2001, A new paradigm for adding security into IS development methods, 8`h Annual Working Conference on Information Security Management and Small Systems Security.Google Scholar