Designing information systems security
Designing information systems security
Process innovation: reengineering work through information technology
Process innovation: reengineering work through information technology
Dealing with non-functional requirements: three experimental studies of a process-oriented approach
Proceedings of the 17th international conference on Software engineering
Role-Based Access Control Models
Computer
Studying programmer behavior experimentally: the problems of proper methodology
Communications of the ACM
IEEE Transactions on Software Engineering
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Task-role-based access control model
Information Systems
Organizing Business Knowledge: The MIT Process Handbook
Organizing Business Knowledge: The MIT Process Handbook
XML-Based Schema Definition for Support of Interorganizational Workflow
Information Systems Research
Secure Software Development by Example
IEEE Security and Privacy
Articulating and enforcing authorisation policies with UML and OCL
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Bridging the Gap between Software Development and Information Security
IEEE Security and Privacy
Secure knowledge management and the semantic web
Communications of the ACM - The semantic e-business vision
A business process context for Knowledge Management
Decision Support Systems
A case study on process modelling - Three questions and three techniques
Decision Support Systems
Design science in information systems research
MIS Quarterly
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
| Hi-index | 0.00 |
Information Systems Security (ISS) is critical to ensuring the integrity and credibility of digitally exchanged information in business processes. Information systems development methodology that considers security requirements in the early phases of systems development is essential for ISS. In the context of ISS, information security awareness (SA) can play a vital role in minimizing end-user related security faults and maximizing the efficiency of security techniques. This information security awareness should be present in the requirements gathering phase of the software development process so that analysts become more aware of security constraints and possible violations resulting into secure business processes. In this paper, we extend the work by D'Aubeterre et al. (2008b) to evaluate the utility of Secure Activity Resource Coordination artifacts in generating three levels of security awareness: perception, comprehension and prediction. The experimental evaluation shows that using SARC artifacts analysts are able to better explain the current state of security of a business process. Should violations occur, analysts are able to explain the nature of security violation in terms of segregation of duties, non-repudiation, and authorization.