Information Security Engineering: a Framework for Research and Practices

Information security is not a new topic in academia or industry. However, through a comprehensive literature review we found that most research in information security focuses on technical perspectives, including evaluation methods, mathematical approaches to security, and risk-mitigation algorithms, with some research focusing on the economic perspective of information security and a few works discussing the social engineering of information security. There is no unified framework that integrates these different types of information security research. We believe that information security research should apply the theories and methodologies of systems engineering to investigate these problems; that is, information security engineering. In this paper, we propose a conceptual framework for information security engineering. This framework explicitly illustrates the methodological system, content system, procedures, and strategies for research and practice in information security engineering.

*Corresponding author: Mincong Tang, E-mail mincong@bjtu.edu.cn
