Abstract
There are suggestions that security may be an integrated part of any systems development method. One way to do this is to use a meta-methodology. With this theory as a guiding star, a model called the Pentagon Model is built as a bridge between the Systems Lifecycle (SLC) method and a company’s security tools. The model describes what to do in order to develop more secure information systems, rather than giving a detailed description of how to do it. The level of security in the systems is determined by the context and will differ from case to case. This demands a flexible tool for integrating appropriate security solutions for each system. The Pentagon Model is designed to work together with the SLC, an approach used by most developers today. This way we eliminate the re-engineering of the model to fit different projects, which might be necessary with a fixed and static model.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Evertsson, U., Örthberg, U., Yngström, L. (2003). Integrating Security Into Systems Development. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds) Security and Privacy in the Age of Uncertainty. SEC 2003. IFIP — The International Federation for Information Processing, vol 122. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35691-4_14
DOI: https://doi.org/10.1007/978-0-387-35691-4_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6489-5
Online ISBN: 978-0-387-35691-4
eBook Packages: Springer Book Archive