Redefining Information Systems Security: Viable Information Systems

Research on Information Security has been based on a well-established definition of the subject. Consequently, it has delivered a plethora of methods, techniques, mechanisms and tools to protect the so-called security attributes (i.e. availability, confidentiality and integrity) of information. However, modern Information Systems (IS) appear rather vulnerable, and people show mistrust in their ability to deliver the services expected. This phenomenon leads us to the conclusion that information security does not necessarily equal IS security. In this paper, we argue that IS security, contrary to information security, remains a confusing term and a neglected research area. We attempt to clarify the meaning and aims of IS security and propose a framework for building secure information systems, or, as we suggest they be called, viable information systems.
