Abstract
There are numerous methods for designing information systems (IS) and for designing security into an IS, including rapid application development, checklists, threat analysis and security development methods. However, these methods are not integrated into an overall design methodology that can be used to ensure security requirements are identified and then implemented. Siponen and Baskerville (2001) attempted to resolve this by proposing a security design paradigm that relied on meta-notation to abstract and document integrated security requirements into IS development methods. However, this paradigm has not been widely adopted.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Allen, J. H., Mikoski Jr., E. F., Nixon, K. M., and Skillman, D. L., 2002, Common sense guide for senior managers: top ten recommended information security practices, in: Internet Security Alliance, Edition.
Baskerville, R., 1993, Information systems security design methods: implications for information systems development, ACM Computing Surveys, 25 (4), 375–414.
Bass, T. and Robichaux, R., 2002, Defense in depth revisited: qualitative risk analysis methodology for complex network-centric operations, http://www.silkroad.com/papers/pdf/archives/defense-in-depthrevisited-original.pdf.
Clemens, P.L., 2002, Energy Flow/Barrier Analysis, 3rd Edition, http://www.sverdrup.com/safety/energy.pdf.
Computer Security Institute, 2002 CSI/FBI computer crime and security survey, Computer Security Issues and Trends, 8 (1).
Courtney, R., 1997, Security Risk Assessment in Electronic Data Processing, AF1PS Proceedings of the National Computer Conference 46, 97–104.
Crowe, D., 1990, Root Cause Training Course for Catawba Nuclear Station, General Physics Corporation.
Fisher, R., 1984, Information Systems Security, Prentice-Hall, Englewood Cliffs, NJ.
Haddon Jr., W., 1973, Energy damage and the ten countermeasure strategies, Human Factors Journal, 15.
Hartman, S., 2001, Securing E-Commerce: an overview of defense in-depth, http://www.sans.org/restart/sec_ecom.php.
Hollnagel, E., 1999, Accident analysis and barrier functions, http://www.hai.uu.se/projects/train/papers/accidentanalysis.pdf.
Hutter, D., 2002, Security Engineering, http://www.dtki.de/-hutter/lehre/sicherheit/securityengineering.ppt.
Jennex, M.E., “Security Design”, System Design Lecture, IDS 697, San Diego State University, 4/21/03.
Jennex, M.E. and Walters, A., 2003, A comparison of knowledge requirements for operating hacker and security tools, The Security Conference, Information Institute.
Lee, Y., Lee, Z., and Lee, C. K., 2002, A study of integrating the security engineering process into the software lifecycle process standard (IEEE/EIA 12207), 6th Americas Conference on Information Systems, AMCIS, 451–457.
Pfleeger, C. P. and Pfleeger, S. L., 2003. Security in Computing, 3d Edition, Prentice-Hall, Upper Saddle River, NJ.
Siponen, M. and Baskerville, R., 2001, A new paradigm for adding security into IS development methods, 8`h Annual Working Conference on Information Security Management and Small Systems Security.
Trost, W.A. and Nertney, R.J., 1995, Barrier Analysis, http://ryker.eh.doe.gov/analysis/trac/29/trac29.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer Science+Business Media New York
About this paper
Cite this paper
Jennex, M.E., Lowe, M. (2004). Integrating Security Design into Information Systems Development. In: Linger, H., et al. Constructing the Infrastructure for the Knowledge Economy. Springer, Boston, MA. https://doi.org/10.1007/978-1-4757-4852-9_26
Download citation
DOI: https://doi.org/10.1007/978-1-4757-4852-9_26
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-3459-8
Online ISBN: 978-1-4757-4852-9
eBook Packages: Springer Book Archive