Abstract
As organisations become aware of their vulnerability to threats to their information and telecommunication systems, this often results in the ad-hoc addition of safeguards to those systems. This causes operational problems, because information security requirements were never an issue during the development of these systems. In this paper we propose that requirements for information security should be integrated in the development process in an early phase. The benefit of the integration is that information security will become an integral part of the system. We discuss the complications and some preliminary guidelines, assuming that system developers are used to a ‘traditional’ development process.
Copyright information
© 1997 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Tettero, O., Out, D.J., Franken, H.M., Schot, J. (1997). Integrating information security in the development of telematics systems. In: Yngström, L., Carlsen, J. (eds) Information Security in Research and Business. IFIP — The International Federation for Information Processing. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35259-6_20
DOI: https://doi.org/10.1007/978-0-387-35259-6_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5481-0
Online ISBN: 978-0-387-35259-6
eBook Packages: Springer Book Archive