ACM Computing Surveys

Volume 25, Issue 4 (1993)


Information systems security design methods: implications for information systems development
Pages 375-414

Richard Baskerville




ABSTRACT

The security of information systems is a serious issue because computer abuse is increasing. It is important, therefore, that systems analysts and designers develop expertise in methods for specifying information systems security. The characteristics found in three generations of general information system design methods provide a framework for comparing and understanding current security design methods. These methods include approaches that use checklists of controls, divide functional requirements into engineering partitions, and create abstract models of both the problem and the solution. Comparisons and contrasts reveal that advances in security methods lag behind advances in general systems development methods. This analysis also reveals that more general methods fail to consider security specifications rigorously.



INDEX TERMS

Categories and Subject Descriptors:
Computer Systems Organization - General (C.0): Systems specification methodology; Information Systems - Models and Principles - Systems and Information Theory (H.1.1): Value of information; Information Systems - Models and Principles - User/Machine Systems (H.1.2): Human factors; Computing Milieux - Management of Computing and Information Systems - Project and People Management (K.6.1): Systems analysis and design; Computing Milieux - Management of Computing and Information Systems - Security and Protection (K.6.5): Authentication; Computing Milieux - Management of Computing and Information Systems - Security and Protection (K.6.5): Insurance**; Computing Milieux - Management of Computing and Information Systems - Security and Protection (K.6.5): Invasive software; Computing Milieux - Management of Computing and Information Systems - Security and Protection (K.6.5): Physical security**

General Terms:
Management, Security

Keywords:
checklists, control, integrity, risk analysis, safety, structured systems analysis and design, system modeling



