Integrating Security Design into Information Systems Development

  • Murray E. Jennex
  • Margaret Lowe
Conference paper


There are numerous methods for designing information systems (IS) and for designing security into an IS, including rapid application development, checklists, threat analysis and security development methods. However, these methods are not integrated into an overall design methodology that can be used to ensure security requirements are identified and then implemented. Siponen and Baskerville (2001) attempted to resolve this by proposing a security design paradigm that relied on meta-notation to abstract and document integrated security requirements into IS development methods. However, this paradigm has not been widely adopted.


Information System Security Policy Security Requirement Information System Development Security Design 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Allen, J. H., Mikoski Jr., E. F., Nixon, K. M., and Skillman, D. L., 2002, Common sense guide for senior managers: top ten recommended information security practices, in: Internet Security Alliance, Edition.Google Scholar
  2. Baskerville, R., 1993, Information systems security design methods: implications for information systems development, ACM Computing Surveys, 25 (4), 375–414.CrossRefGoogle Scholar
  3. Bass, T. and Robichaux, R., 2002, Defense in depth revisited: qualitative risk analysis methodology for complex network-centric operations,
  4. Clemens, P.L., 2002, Energy Flow/Barrier Analysis, 3rd Edition, Scholar
  5. Computer Security Institute, 2002 CSI/FBI computer crime and security survey, Computer Security Issues and Trends, 8 (1).Google Scholar
  6. Courtney, R., 1997, Security Risk Assessment in Electronic Data Processing, AF1PS Proceedings of the National Computer Conference 46, 97–104.Google Scholar
  7. Crowe, D., 1990, Root Cause Training Course for Catawba Nuclear Station, General Physics Corporation.Google Scholar
  8. Fisher, R., 1984, Information Systems Security, Prentice-Hall, Englewood Cliffs, NJ.Google Scholar
  9. Haddon Jr., W., 1973, Energy damage and the ten countermeasure strategies, Human Factors Journal, 15.Google Scholar
  10. Hartman, S., 2001, Securing E-Commerce: an overview of defense in-depth,
  11. Hollnagel, E., 1999, Accident analysis and barrier functions,
  12. Hutter, D., 2002, Security Engineering, Scholar
  13. Jennex, M.E., “Security Design”, System Design Lecture, IDS 697, San Diego State University, 4/21/03.Google Scholar
  14. Jennex, M.E. and Walters, A., 2003, A comparison of knowledge requirements for operating hacker and security tools, The Security Conference, Information Institute.Google Scholar
  15. Lee, Y., Lee, Z., and Lee, C. K., 2002, A study of integrating the security engineering process into the software lifecycle process standard (IEEE/EIA 12207), 6th Americas Conference on Information Systems, AMCIS, 451–457.Google Scholar
  16. Pfleeger, C. P. and Pfleeger, S. L., 2003. Security in Computing, 3d Edition, Prentice-Hall, Upper Saddle River, NJ.Google Scholar
  17. Siponen, M. and Baskerville, R., 2001, A new paradigm for adding security into IS development methods, 8`h Annual Working Conference on Information Security Management and Small Systems Security.Google Scholar
  18. Trost, W.A. and Nertney, R.J., 1995, Barrier Analysis, Scholar

Copyright information

© Springer Science+Business Media New York 2004

Authors and Affiliations

  • Murray E. Jennex
    • 1
  • Margaret Lowe
    • 1
  1. 1.San Diego State UniversityUSA

Personalised recommendations