SEACON: An Integrated Approach to the Analysis and Design of Secure Enterprise Architecture-Based Computer Networks

The extant methods largely ignore the importance of integrating security requirements with business requirements and providing built-in steps for dealing with these requirements seamlessly. To address this problem, a new approach to secure network analysis and design is presented. The proposed method, called the SEACON method, provides an integrated approach for using existing principles of information systems analysis and design with the unique requirements of distributed secure network systems. We introduce several concepts, including security adequacy level, process-location-security matrix, data-location-security matrix, and secure location model, to provide built-in mechanisms to capture security needs and use them seamlessly throughout the steps of analyzing and designing secure networks. This method is illustrated and compared to other secure network design methods. The SEACON method is found to be a useful and effective method.
