A paradigmatic analysis of conventional approaches for developing and managing secure is: Implications for research and practice

Abstract

Because the methods of development for Information Systems (IS) do not pay attention to security aspects, several information systems (ISS) security methods have been presented. This paper will analyze traditional/conventional approaches, namely normative standards (e.g. checklists, management and evaluation standards), formal methods, common sense principles and risk management. These approaches will be analyzed in the light of I) the research objectives; II) the organizational role of IS security; III) research approaches used; IV) applicability; and V) a conceptual meta-model for IS. The contribution of the paper is twofold. First the analysis sheds new light on the underlying foundations of the conventional approaches. Second, the analysis suggests several implications for researchers and practitioners. © 2002 Kluwer Academic / Plenum Publishers, New York.