To secure information systems, the security risks and requirements must be clearly understood before the proper security mechanisms can be identified and designed. Today's security requirement specifications are generally incomplete and narrowly focused, which leads to ineffective security designs of information systems. The author asserts that multiple views (management, threat, resource, process, assessment, and legal) of information systems provide an opportunity for a better understanding of security risks and requirements. In this paper, the author proposes a six-view perspective of a system security framework to identify a more complete set of security risks and requirements. The proposed framework presents a synergistic view of system security in which the author presents an extensive list of heuristics/guidelines under each view, discussing security issues, risks, and requirements. Through a case study, the author shows that a multiple-view perspective of system security is effective in determining a more complete set of security requirements than the traditional approach of focusing on threats alone.