Reaching out for quality: Considering security requirements in the design of information systems [chapter]

Hubert F. Hofmann, Ralph Holbein
1994 Lecture Notes in Computer Science  
Security requirements are a fundamental ingredient for an information system's quality. Despite their importance, security requirements play the role of a "stepchild" in software engineering. If considered at all they cover the technical dimension of information systems, i.e. the electronic part of information processing. This view is insufficient to deal with the requirements of the "real world", i.e. the organisational practice. It is not just the technical criteria which are decisive in
more » ... fying security requirements. We have extended these criteria to incorporate the social and the economic dimension of information exchange in organisations. We will illustrate this extension of traditional approaches in a comprehensive security framework and we will demonstrate the interaction of the additional security criteria with traditional approaches. Managing Secure Information Exchange Corresponding to the suggested framework, we briefly describe those requirements an information system in productive use has to fulfil to achieve secure information exchange. 9 Classification of the economic potential of information to be exchanged within a communication context, i.e. which activities of the communication partners are intended and which are possible? etc. Additionally, a classification of the communication partners is necessary: What organisational roles do they have? Which roles are possible based on their individual competence? etc. ~ Classification of the type of interpersonal interaction. The type of interpersonal interaction refers to the obligations which arise out of this interaction.
doi:10.1007/3-540-58113-8_165 fatcat:lehmrbradndnnkakuummdlytyy