Information Security Engineering: a Framework for Research and Practices
Keywords:
Computer Science, Information Security Engineering (ISE), Systems Engineering, Information Systems
Abstract
Information security is not a new topic in academia or industry. However, through a comprehensive literature review we found that most research in information security focuses on technical perspectives, including evaluation methods and mathematical approaches to security and risk-mitigation algorithms; some research focuses on the economic perspective of information security, and a few studies address the social engineering side of information security. There is no unified framework that integrates these different types of information security research. We believe that information security research should apply the theories and methodologies of systems engineering to investigate its problems; that is, information security engineering. In this paper we propose a conceptual framework of information security engineering. This framework explicitly illustrates the methodological system, the content system, and the procedures and strategies for information security engineering research and practice.
*Corresponding author: Mincong Tang,
E-mail mincong@bjtu.edu.cn
License
ONLINE OPEN ACCESS: Access to the full text of each article and each issue is free under the Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license.
You are free to:
-Share: copy and redistribute the material in any medium or format;
-Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.