Information system (IS) development methods pay little attention to security aspects. Consequently, several alternative approaches for designing and managing secure information systems (SIS) have been proposed. However, many of these approaches have shortcomings. These approaches lack fully comprehensive modeling schemes in terms of security, i.e. no single method covers all modeling needs. Rarely can these approaches be integrated into existing IS development methods. Also, these approaches do not facilitate the autonomy of developers. This paper describes a framework that helps us understand the fundamental barriers preventing the alternative SIS design approaches from more effectively addressing these shortcomings. This framework is illustrated with an example of a framework-based solution: meta-notation for adding security into IS development methods. Future research questions and implications for research and practice are presented.
CITATION STYLE
Siponen, M., & Baskerville, R. (2002). A new paradigm for adding security into IS development methods. In IFIP Advances in Information and Communication Technology (Vol. 72, pp. 99–111). Springer New York LLC. https://doi.org/10.1007/0-306-47007-1_8