NSUWorks Contextualizing Secure Information System Design: A Socio-Technical Approach Contextualizing Secure Information System Design: A Socio-Technical Approach Contextualizing Secure Information System Design: A Socio-Technical Approach

Abdul Charif, Abdul Charif, Abdul Charif
unpublished
Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security. Generations of SIS design paradigms have evolved, all with their own sets of shortcomings. A SIS design paradigm must meet well-defined requirements, yet contemporary
more » ... digms do not meet all these requirements. Current SIS design paradigms are not easily applicable to IS. They lack a comprehensive modeling support and ignore the socio-technical organizational role of IS security. This research introduced the use of action research in design science research. Design science paradigm was leveraged to introduce a meta-design artifact explaining how IS requirements including security requirements can be incorporated in the design of SIS. The introduced artifact CSIS provided design comprehensiveness to emergent and changing requirements to IS from a socio-technical perspective. The CSIS artifact meets secure system meta-design requirements. This study presented a secure IS design principle that ensures IS security. ii
fatcat:gdc774tdfbbq5nsrnh22szjoea