| Authors: Baskerville, R. Date: 1989 Title: “Logical Controls Specification: an Approach to Information Systems Security” Journal: Systems Development for Human Progress Pages: 241 - 255 |
| information systems, computer security, human entities, systems design, computer technology, controls specification, structured systems techniques. |
| Information systems researchers are ignoring most of the human impact of computer security apart from the perspective of "human entities" represented by data. Other perspectives include those of the systems owner, the system user and the system designer. From the designers' perspective, controls specification is essentially deferred to computer technology. The traditional identification process concentrates on the physical model of the system, resulting in an emphasis on physical controls and a strong likelihood of overlapping or conflicting controls. A case study illustrates that controls specification can be explicitly integrated into a system design using structured systems techniques, concentrating controls in the abstract, logical modelling stage of systems design. Such controls may alleviate some operational misery for owners and users. |