Understanding computers and cognition
Understanding computers and cognition
Measuring computer system security using software security metrics
Proceedings of the 2nd IFIP international conference on Computer security: a global challenge
Computer security: a comprehensive controls checklist
Computer security: a comprehensive controls checklist
The PIOCO model for information systems design
MIS Quarterly
Designing information systems security
Designing information systems security
Critical issues in information systems research
Computer and communications security: strategies for the 1990s
Computer and communications security: strategies for the 1990s
Evaluation of safety-critical software
Communications of the ACM
Systems development in information systems research
Journal of Management Information Systems - Special issue on management support systems
Risk analysis as a source of professional knowledge
Computers and Security
Communications of the ACM
Information systems security design methods: implications for information systems development
ACM Computing Surveys (CSUR)
Information systems security: a practitioner's reference
Information systems security: a practitioner's reference
Communications of the ACM
Information systems development and data modeling: conceptual and philosophical foundations
Information systems development and data modeling: conceptual and philosophical foundations
Web security & commerce
Can security baselines replace risk analysis?
SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
Fighting computer crime: a new framework for protecting information
Fighting computer crime: a new framework for protecting information
Computer security
A set of principles for conducting and evaluating interpretive field studies in information systems
MIS Quarterly - Special issue on intensive research in information systems
Viewpoint: choosing appropriate information systems research methodologies
Communications of the ACM
Technical opinion: Information system security management in the new millennium
Communications of the ACM
Guidelines for the Security of Information Systems
Guidelines for the Security of Information Systems
Information Systems Security
Computer Insecurity
Computer Security Research: A British Perspective
IEEE Software
IEEE Expert: Intelligent Systems and Their Applications
Risk analysis on Internet connection
Proceedings of the IFIP TC11 WG11.1/WG11.2 Seventh Annual Working Conference on Information Security Management & Small Systems Security
A Process Standard for System Security Engineering: Development Experiences and Pilot Results
ISESS '97 Proceedings of the 3rd International Software Engineering Standards Symposium (ISESS '97)
Managing information systems security: a soft approach
ISCNZ '96 Proceedings of the 1996 Information Systems Conference of New Zealand (ISCNZ '96)
Risk assessment for large heterogeneous systems
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Formal Development of Secure Email
HICSS '99 Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences-Volume 3 - Volume 3
Prudent Engineering Practice for Cryptographic Protocols
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Formal methods in the THETA kernel
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Some weaknesses of the TCB model
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Against Structured Approaches: Information Requirements Analysis as a Socially Mediated Process
HICSS '97 Proceedings of the 30th Hawaii International Conference on System Sciences: Information System Track-Organizational Systems and Technology - Volume 3
| Hi-index | 0.00 |
Because the methods of development for Information Systems (IS) do not pay attention to security aspects, several information systems (ISS) security methods have been presented. This paper will analyze traditional/conventional approaches, namely normative standards (e.g. checklists, management and evaluation standards), formal methods, common sense principles and risk management. These approaches will be analyzed in the light of I) the research objectives; II) the organizational role of IS security; III) research approaches used; IV) applicability; and V) a conceptual meta-model for IS. The contribution of the paper is twofold. First the analysis sheds hew light on the underlying foundations of the conventional approaches. Second, the analysis suggests several implications for researchers and practitioners.