Embedding security practices in contemporary information systems development approaches

Information Management and Computer Security

Volumn 9, Issue 4, 2001, Pages 183-197

  Tryfonas, T ^a   Kiountouzis, E ^a   Poulymenakou, A ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Development; Information systems; Security

Indexed keywords

COMPUTER HARDWARE; COMPUTER SOFTWARE; INFORMATION TECHNOLOGY; MANAGEMENT INFORMATION SYSTEMS; PERSONNEL; SOCIETIES AND INSTITUTIONS;

CONTEMPORARY INFORMATION SYSTEMS;

SECURITY OF DATA;

EID: 0035780469     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220110401254     Document Type: Article

References (31)

1. Avison, D.E. and Fitzgerald, G. (1993), Information Systems Development: Methodologies, Techniques, Tools, Alfred Waller.
2. Baskerville, R. (1993), "Information systems security design methods: implications for information systems development", ACM Computing Surveys, Vol. 25 No. 4.
3. Checkland, P. (1999), Soft Systems Methodology: A 30-Year Retrospective, Wiley Publications, New York, NY.
4. Clements, P. (1995), "From subroutines to subsystems: component-based software development", The American Programmer, Vol. 8 No. 11.
5. Doukidis, G., Smithson, S. and Naoum, G. (1992), "Information systems management in Greece: issues and perceptions", Journal of Strategic Information Systems, Vol. 1 No. 2.
6. Downs, E., Clare, P. and Coe, I. (1992), SSADM: Application and Context, Prentice-Hall, Englewood Cliffs, NJ.
7. Duncan, R. (1995), "There are some cracks in the cornerstone of information security", Computers & Security, Vol. 14, pp. 675-80.
8. Eden, C. and Huxham, C. (1996), "Action research for the study of organisations", in Clegg, S.R., Hardu, C. and Nord, W.R. (Eds), Handbook of Organisation Studies, Sage, Beverly Hills, CA.
9. Eloff, M., and Von Solms, B. (2000), "Information security: process evaluation and product evaluation", in Qing, S. and Eloff, J. (Eds), Information Security for Global Information Infrastructures, Kluwer Academic Publishers, New York, NY, pp. 11-19.
10. Felici, M. et al. (2000), "Integration of functional, cognitive and quality requirements. A railways case study", Information and Software Technology, Vol. 42, pp. 993-1000.
11. Fillery, P. and Chantler, A. (1994), "Is lack of serious acceptance and application of software quality assurance principles a password to information security problems?", Proceedings of the IFIP/SEC94.
12. Fitzgerald, B. (1998), "An empirical investigation into the adoption of system development methodologies", Information & Management, Vol. 34, pp. 317-28.
13. Fowler, A. and Wilkinson, T. (1998), "An examination of the role of the information systems center", Journal of Strategic Information Systems, Vol. 7, pp. 87-111.
14. Grindley, K. (1995), Managing IT at Board Level, Pitman Publishing, London.
15. Hancock, B. (1999), "Security views", Computers & Security, Vol. 18, pp. 646-59.
16. Hayam, A. and Oz, E. (1993), "Integrating data security into the systems development life cycle", Journal of Systems Management, Vol. 8 No 44, pp. 16-20.
17. Henderson, S. and Snyder, C. (1999), "Personal information privacy: implications for MIS managers", Information & Management, Vol. 36, pp. 213-20.
18. Hitchings, J. (1995), "Deficiencies of the traditional approach to information security and the requirements for a new methodology", Computers & Security, Vol. 14, pp. 377-83.
19. Howard, G.S. et al. (1999), "The efficacy of matching information systems development methodologies with application characteristics - an empirical study", The Journal of Systems and Software, Vol. 45, pp. 177-95.
20. IBAG (1993), Framework for Commercial IT Security, INFOSEC Business Advisory Group, Version 2.0.
21. ITSEC (1991), Information Technology Security Evaluation Criteria, Provisional Harmonized Criteria, Commission of the European Communities.
22. Jarvinen, P.H. (2000), "Research questions guiding selection of an appropriate research method", Proceedings of the 8th European Conference on Information Systems (ECIS).
23. Klein, H. and Myers, M. (1999), "A set of principles for conducting and evaluating interpretive field studies in information systems", MIS Quarterly, Vol. 23 No. 1, pp. 67-94.
24. Pouloudi, A. (1999), "Aspects of the stakeholder concept and their implications for information systems development", Proceedings of the 32nd IEEE Hawaii International Conference on System Sciences.
25. Slaughter, S. and Soon, A. (1996), "Employment outsourcing in IS", Communications of the ACM, Vol. 39 No. 7.
26. Vasarhelyi, M. and Kogan, A. (1999), "Continuous auditing and IT developments", IS Audit & Control Journal, Volume V.
27. Virgo, J. (1996), 1996 IDPM IT Skills Trends Report, Institute of Data Processing Management.
28. Walsham, G. (1995), "Interpretive case studies in IS research: nature and method", European Journal of Information Systems, Vol. 4, pp. 74-81.
29. Whyte, G., Bytheway, A. and Edwards, C. (1997), "Understanding user perceptions of information systems success", Journal of Strategic Information Systems, Vol. 6, pp. 35-68.
30. Wood, C.C. (1995), "Shifting IS security responsibility from user organisations to vendor/publisher organisations", Computers & Security, Vol. 14, pp. 283-4.
31. Wood, C.C. and Snow, K. (1995), "ISO 9000 and information security", Computers & Security, Vol. 14, pp. 287-8.