Authors: Baskerville, Richard.

Keywords: Computer Security, Information Security, Checklists, Control, Integrity, Risk Assessment, Risk Analysis, Safety, Structured Systems Analysis and Design, System Modeling

The security of information systems is a serious issue because computer abuse is increasing. It is important, therefore, that systems analysts and designers develop expertise in methods for specifying information systems security. The characteristics found in three generations of general information system design methods provide a framework for comparing and understanding current security design methods. These methods include approaches that use checklists of controls, divide functional requirements into engineering partitions, and create abstract models of both the problem and the solution. Comparisons and contrasts reveal that advances in security methods lag behind advances in general systems development methods. This analysis also reveals that more general methods fail to consider security specifications rigorously.