TY - JOUR
T1 - A six-view perspective framework for system security
T2 - Issues, risks, and requirements
AU - Yadav, Surya B.
N1 - Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - To secure information systems, the security risks and requirements must be clearly understood before the proper security mechanisms can be identified and designed. Today's security requirement specifications are generally incomplete and narrowly focused, which leads to ineffective security designs of information systems. The author asserts that multiple views (management, threat, resource, process, assessment, and legal) of information systems provide an opportunity for a better understanding of security risks and requirements. In this paper, the author proposes a six-view perspective of a system security framework to identify a more complete set of security risks and requirements. The proposed framework presents a synergistic view of the system security in which the author presents an extensive list of heuristics/guidelines under each view, discussing security issues, risks, and requirements. Through a case study, the author shows that a multiple-view perspective of system security is effective in determining a more complete set of security requirements than the traditional approach of focusing on threats alone.
AB - To secure information systems, the security risks and requirements must be clearly understood before the proper security mechanisms can be identified and designed. Today's security requirement specifications are generally incomplete and narrowly focused, which leads to ineffective security designs of information systems. The author asserts that multiple views (management, threat, resource, process, assessment, and legal) of information systems provide an opportunity for a better understanding of security risks and requirements. In this paper, the author proposes a six-view perspective of a system security framework to identify a more complete set of security risks and requirements. The proposed framework presents a synergistic view of the system security in which the author presents an extensive list of heuristics/guidelines under each view, discussing security issues, risks, and requirements. Through a case study, the author shows that a multiple-view perspective of system security is effective in determining a more complete set of security requirements than the traditional approach of focusing on threats alone.
KW - Secure system
KW - Security issues
KW - Security mechanisms
KW - Security requirements
KW - Security risks
KW - System security framework
UR - http://www.scopus.com/inward/record.url?scp=79956080816&partnerID=8YFLogxK
U2 - 10.4018/jisp.2010010104
DO - 10.4018/jisp.2010010104
M3 - Article
AN - SCOPUS:79956080816
VL - 4
SP - 61
EP - 92
JO - International Journal of Information Security and Privacy
JF - International Journal of Information Security and Privacy
SN - 1930-1650
IS - 1
ER -