A new paradigm for adding security into is development methods

IFIP Advances in Information and Communication Technology

Volumn 72, Issue , 2002, Pages 99-111

  Siponen, Mikko ^a   Baskerville, Richard ^b  

^a UNIVERSITY OF OULU   (Finland)

^b GEORGIA STATE UNIVERSITY   (United States)

Author keywords

IS security

Indexed keywords

COMPUTER SUPPORTED COOPERATIVE WORK; INDUSTRIAL MANAGEMENT; INFORMATION SYSTEMS; INFORMATION USE; SECURITY OF DATA;

COMPREHENSIVE MODEL; DESIGN APPROACHES; DEVELOPMENT METHOD; FUNDAMENTAL BARRIERS; IS DEVELOPMENT; RESEARCH QUESTIONS; SECURE INFORMATION SYSTEMS; SECURITY ASPECTS;

INFORMATION MANAGEMENT;

EID: 84904255922     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (37)

1. Anderson, R., (1999), How to Cheat at the Lottery (or, Massively Parallel Requirements Engineering), Annual Computer Security Applications Conference (ACSAC99).
2. Baskerville, R., (1988), Designing Information Systems Security. John Wiley Information System Series.
3. Baskerville, R., (1989), Logical Controls Specification: An approach to information system security, In H. Klein & K. Kumar (eds.) systems development for human progress. Amsterdam: North-Holland.
4. Baskerville, R., (1993), Information Systems Security Design Methods: Implications for information Systems Development. ACM Computing Surveys 25, (4) December, pp. 375-414.
5. Baskerville, R. (1996). Structural Artifacts in Method Engineering: The Security Imperative. In S. Brinkkemper & K. Lyytinen & R. Welke (Eds.), Method Engineering (pp. 8-28). London: Chapman & Hall.
6. Booysen, H.A.S., & Eloff, J.H.P., (1995), A Methodology for the development of secure Application Systems. In proceeding of the 1lth IFIP TC11 international conference on information security, IFIP/SEC'95.
7. Brinkkemper, S., Lyytinen, K., & Welke, R. (Eds.). (1996). Method Engineering. London: Chapman & Hall.
8. Castano, S., Fugini, M., Martell, G., & Samarati, P., (1995), Database Security. Addison-Wesley.
9. Code of Practice for Information Security Management, (1993), Department of Trade and Industry. DISC PD003. British Standard Institution, London, UK.
10. Dhillon, G. and Backhouse, J., (2001), Current directions in IS security research: toward socio-organizational perspectives. Information Systems Journal. Vol 11, No 2.
11. Ellmer, E., Pemul, G., Kappel, G., (1995), Object-Oriented Modeling of Security Semantics. In: Proceedings of the 1lth Annual Computer Society Applications Conference (ACSAC'95). IEEE Computer Society Press.
12. Foley, S.N., (1991), A Taxonomy for Information Flow Policies and Models. Proceedings of the 1991 IEEE Computer Security Symposium on Research in Security and Privacy.
13. Hirschheim, R., Klein, H. K., & Lyytinen, K., (1995), Information Systems Development and Data Modelling: Conceptual and Philosophical Foundations. Cambridge University Press, UK.
14. Hitchings, J., (1995), Achieving an Integrated Design: The Way forward for Information Security. Proceedings of the IFIP TC 11 eleventh international conference on information security, IFIP/SEC'95.
15. Hitchings, J., (1996), A Practical solution to the complex human issues of information security design. Proceedings of the 12th IFIP TC11 international conference on information security, IFIP/SEC'96.
16. Iivari, J., (1989), Levels of abstraction as a Conceptual Framework for an Information Systems. In E. D. Falkenberg and P. Lindgreen (eds): Information System Concepts: An In-depth Analysis. North-Holland, Amsterdam.
17. Iivari, J & Koskela, E., (1987), The PIOCO model for IS design, MIS Quarterly, Vol. 11, No. 3, pp. 401-419.
18. Jaaksi, A., (1998), Our Cases with Use Cases. Joumal of Object-Oriented Programming, vol. 10, no. 9, pp. 58-65.
19. Jacobson, I., Christerson, P. Jonsson, Övergaard, G., (1992), A Use Case Driven Approach. Addison-Wesley Publishing Company.
20. James, H.L., (1996), Managing information systems security: a soft approach. Proceedings of the Information Systems Conference of New Zealand. IEEE Society Press.
21. Kumar, K. & Welke, R.J., (1992), Methodology engineering: A Proposal for situation-specific Methodology construction. In W.W. Cotterman & J.A. Senn (eds): Challenges andStrategies for research in systems development, pp. 257-269.
22. Lyytinen, K., (1987), Two Views on Information Modeling. Information & Management, Vol. 12, pp. 9-19.
23. Lyytinen, K., (1991), A Taxonomic Perspective of Information Systems Development: Theoretical Constructs and Recommendations. In R.J. Boland & R.A. Hirscheim (ed): Critical Issues in Information Systems Research, John Wiley & Sons Ltd.
24. McDermott, J. & Fox, C., "Using abuse case models for security requirements", Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC). IEEE Computer Society Press (1999).
25. McLean, J., (1990), The specification and modelling of computer security. IEEE Computer. January, vol. 23, issue 1, pp. 9-16.
26. Menezes, A.J., van Oorschot, P.C. and Vanstone, S.C., (1999), Handbook of Applied Cryptography. CRC Press, USA.
27. Odell, J. J. (1996). A primer to method engineering. In S. Brinkkkemper & K. Lyytinen & R. Welke (Eds.), Method Engineering: Principles of method construction and tool support (pp. 1-7). London: Chapman & Hall.
28. Parker, D. B., (1998), Fighting Computer Crime - A New Framework for Protecting Information. Wiley Computer Publishing. USA.
29. Pemul, G., Tjoa A. M., & Winiwarter, W., (1998), Modelling Data Secrecy and Integrity. Data & Knowledge Engineering. Vol. 26, pp. 291-308. North Holland.
30. Röhm, A.W., Pernul, G. & Henmann, G., (1998), Modelling secure and fair electronic commerce. Proceedings of the 14th Annual Computer Security Applications Conference, 1998.
31. Röhm, A.W., Pernul, G., (1999), COPS: a model and infrastructure for secure and fair electronic markets. Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences (HICSS-32).
32. Sandhu, R.S., (1993), Lattice-based access controls. IEEE Computer. Vol. 26, no. 11, November, pp. 9-19.
33. Siponen, M.T., (2001), An analysis of the recent IS security development approaches: descriptive and prescriptive implications. In: G. Dhillon (eds:) Information Security Management - Global Challenges in the Next Millennium, Idea Group (2001).
34. Summers, R. C., (1997), Secure Computing: Treats and Safeguards. McGraw-Hill.
35. Straub, D.W. & Welke, R.J., (1998), Coping with Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly, Vol. 22, No. 4, p. 441-464.
36. Truex, D. P., Baskerville, R., & Klein, H. K. (1999). Growing Systems in an Emergent Organization. Communications of The ACM, 42(8), 117-123.
37. Truex, D., Baskerville, R., & Travis, J. (2000). Amethodical Systems Development: The Deferred Meaning of Systems Development Methods. Accounting, Management and Information Technology, 10, 53-79.