Information Security Engineering: a Framework for Research and Practices


  • Meng’gang Li China Center for Industrial Security Research, Beijing Jiaotong University, China
  • Mincong Tang International Center for Informatics Research, Beijing Jiaotong University, China


Computer Science, Information Security Engineering (ISE), Systems Engineering, Information Systems


Information security is not a new topic in academics and industry. However, through a comprehensive literature review, we found that most research in information security focus on technical perspectives including evaluation methods and mathematical approaches for securities, risk mitigation algorithms, with some research focus on economic perspective of information security and even a few talked about social engineering of information security. There is not a unique framework to integrate different types of research in information security. We believe that information security research apply the theories and methodologies in systems engineering to investigate the problems, that is, information security engineering. In this paper, we propose a conceptual framework of information security engineering. This framework explicitly illustrates the methodological system, content system, procedures and strategies for information security engineering research and practices.

*Corresponding author: Mincong Tang,


Author Biography

Meng’gang Li, China Center for Industrial Security Research, Beijing Jiaotong University, China

Department of Mathematics and Computer Science


Ashenden, D., Information Security management: A human challenge?, Information Security Technical Report,13(4): 195-201, 2008

Bonatti, P. & Samarati, P., A Uniform Framework for Regulating Service Access and Information Release on the Web, Journal of Computer Security, 10(3):241-271, 2002

Chrisment, I. & Schaff, A., Dynamic Group Communication Security, Proceedings of Sixth IEEE Symposium on Computers and Communications, 49-56, 2001

Chang, S. & Lin, C., Exploring Organizational Culture for Information Security Management, Industrial Management & Data Systems, 107(3):438-458, 2007

Cheng, et al., Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control, IEEE Symposium on Security and Privacy, 222-230, 2007

Cheng et al., A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems, International Conference on Information Security and Assurance, 350-364, 2008

Dhillon, G. & Backhouse, J., Information System Security Management in the New Millennium, Communications of the ACM, 43(7): 125-128, 2000

Eloff, J. & Eloff, M., Information Security Management: a New Paradigm, Proceedings of the 2003 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, 130-136, 2003

Georg, G., Ray, I. & France, R., Using Aspects to Design a Secure System, Proceedings of the Eighth IEEE international Conference on Engineering of Complex Computer Systems, 117-226, 2002

Gritzalis D. & Lambrinoudakis, C., A Security Architecture for Interconnecting Health Information Systems, International Journal of Medical Informatics, 73(3):305-309, 2004

Hong, K., Chi, Y., Chao, L. & Tang, J., An Integrated System Theory of Information Security Management, Information Management & Computer Security, 11(5): 243-248, 2003

Jones, R. & Rastogi, A., Secure Coding: Building Security into the Software Development Life Cycle, Information Systems Security, 13(5): 29-39, 2004

Jurjens, J., Towards Development of Secure Systems Using UMLsec, Fundamental Approaches to Software Engineering Lecture Notes in Computer Science, Vol. 2029: 187-200, 2001

Kagal, L., Finin, T. & Joshi, A., Trust-Based Security in Pervasive Computing Environments, Computer, December: 151-157, 2001

Karyda, M., Kiountouzis, E. & Kokolakis, S., Information Systems Security Policies: a Contextual Perspective, Computers & Security, 24(3):246-260, 2005

Khadra, A., Liu, X. & Shen, X., Robust Impulsive Synchronization and Application to Communication Security, Dynamics of Continuous, Discrete and Impulsive Systems Series B: Applications & Algorithms, 10: 403-416, 2003

Kiani-B, A., Fallahi, K., Pariz, N. & Leung, H., A Chaotic Secure Communication Scheme Using Fractional Chaotic Systems Based on an Extended Fractional Kalman Filter, Communications in Nonlinear Science and Numerical Simulation, 14(3), 863-879, 2009

Liang,Y., Poor, H. & Shamai, S., Secure Communication Over Fading Channels, IEEE Transactions on Information Theory, 54(6):2470-2492, 2008

Mellado, D., Fernández-Medina, E. & Piattini, M., A Common Criteria Based Security Requirements Engineering Process for the Development of Secure Information Systems, Computer Standards & Interfaces, 29(2): 244-253, 2007

Mouratidis, H., Giorgini, P. & Manson, G., When Security Meets Software Engineering: A Case of Modelling Secure Information Systems, Information Systems, 30(8): 609-629, 2005

Mouratidis, H. & Jurjens, J., From Goal-Driven Security Requirements Engineering to Secure Design, International Journal of Intelligent Systems, 25(8):813-840, 2010

Saint-Germain, R., Information Security Management Best Practice Based on ISO/IEC 17799, The Information Management Journal, July/August: 60-66, 2005

Siponen, M. & Oinas-Kukkonen, H., A Review of Information Security Issues and Respective Research Contributions, The DATA BASE for Advances in Information Systems, ISSN 1532- 0936, 38(1): 60-80, 2007

Solms, B., Information Security Governance-Compliance Management Vs. Operational Management, Computers & Security, 24(6): 443-447, 2005

Solms, B. & Solms, R., The 10 Deadly Sins of Information Security Management, Computers & Security, 23(5): 371-376, 2004

Tsoumas, B. & Gritzalis, D., Towards an Ontology-based Security Management, Proceedings of the 20th International Conference on Advanced Information Networking and Applications, 2006

Werlinger, R., Hawkey, K. & Beznosov,K., An Integrated View of Human, Organizational, and Technological Challenges of IT Security Management, Information Management & Computer Security, 17(1): 4-19, 2009

Villarroel, R., Fernández-Medina, E. & Piattini, M., Secure Information Systems Development: A Survey and Comparison, Computers & Security, 30(8):609-629, 2005

Whitman, M., Enemy at the Gate: Threats to Information Security, Communications of the ACM, 46(8):91-95, 2003

Yang, T., A Survey of Chaotic Secure Communication Systems, International Journal of Computational Cognition, 2(2): 81-130, 2004



Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.