Information systems security design methods
- 1 December 1993
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Computing Surveys
- Vol. 25 (4) , 375-414
- https://doi.org/10.1145/162124.162127
Abstract
The security of information systems is a serious issue because computer abuse is increasing. It is important, therefore, that systems analysts and designers develop expertise in methods for specifying information systems security. The characteristics found in three generations of general information system design methods provide a framework for comparing and understanding current security design methods. These methods include approaches that use checklists of controls, divide functional requirements into engineering partitions, and create abstract models of both the problem and the solution. Comparisons and contrasts reveal that advances in security methods lag behind advances in general systems development methods. This analysis also reveals that more general methods fail to consider security specifications rigorously.
This publication has 23 references indexed in Scilit:
- A report on the joint CIMA and IIA computer fraud survey. Computers & Security, 1992
- Random bits & bytes. Computers & Security, 1992
- Risk analysis as a source of professional knowledge. Computers & Security, 1991
- One approach to risk assessment. Computers & Security, 1991
- Computer security methodology: Risk analysis and project definition. Computers & Security, 1990
- SPAN—a DSS for security plan analysis. Computers & Security, 1990
- Principles of secure information systems design. Computers & Security, 1990
- Principles and procedures of the LRAM approach to information systems risk analysis and management. Computers & Security, 1987
- Computer crime — numbers lie. Computers & Security, 1987
- Computer-related embezzlement. Computers & Security, 1987