TY - JOUR
T1 - Secure information systems development - A survey and comparison
AU - Villarroel, Rodolfo
AU - Fernández-Medina, Eduardo
AU - Piattini, Mario
N1 - Funding Information:
This research is part of the CALIPO (TIC2003-07804-C05-03) and RETISTIC (TIC2002-12487-E) projects, supported by the Dirección General de Investigación of the Ministerio de Ciencia y Tecnología, and the network VII-J.RITOS2 financed by CYTED.
PY - 2005/6
Y1 - 2005/6
N2 - Nowadays, security solutions mainly focus on providing security defences (such as firewalls, routers, configuration servers, passwords and encryption) instead of addressing one of the main causes of security problems, which relates to appropriate information systems design. Fortunately, new methodologies have been developed that incorporate security into their development processes. This paper compares eleven secure systems design methodologies. The analysed methodologies fulfil the criteria only partially, and in this paper we make it clear that security aspects cannot be completely specified by these methodologies, since they have a series of limitations that must be taken into account. At the same time, each of these methodologies comprises very important security aspects that can be used as a basis for new methodologies or extensions that may be developed.
KW - Comparison framework
KW - Confidentiality
KW - Multidimensional modeling
KW - Secure information systems development
KW - Security
KW - Security design
KW - UML
UR - http://www.scopus.com/inward/record.url?scp=19944367288&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2004.09.011
DO - 10.1016/j.cose.2004.09.011
M3 - Article
AN - SCOPUS:19944367288
SN - 0167-4048
VL - 24
SP - 308
EP - 321
JO - Computers and Security
JF - Computers and Security
IS - 4
ER -