Security engineering methodology for developing secure enterprise information systems: An overview

Young Gab Kim; Sungdeok Cha

doi:10.1007/978-94-007-5076-0_47

Security engineering methodology for developing secure enterprise information systems: An overview

Young Gab Kim, Sungdeok Cha

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The software engineering discipline has provided principles, methodologies, and tools for the development of information systems. Software engineering have also become a fundamental component to produce information systems and related software components which are cheaper, better and faster. Recently, many forms of security attacks against information systems have emerged that attempt to compromise the security of information systems and organizations. However, traditional software engineering is not adequate and effective for developing secure information systems. In this paper, we propose holistic, consistent, and integrated security engineering procedures for analyzing, designing, developing, testing, and maintaining secure enterprise information systems. The proposed security engineering methodology combines security risk control, enterprise security architecture, and security management as an integrated framework.

Original language	English
Title of host publication	Embedded and Multimedia Computing Technology and Service, EMC 2012
Pages	393-400
Number of pages	8
DOIs	https://doi.org/10.1007/978-94-007-5076-0_47
Publication status	Published - 2012
Event	7th International Conference on Embedded and Multimedia Computing, EMC 2012 - Gwangju, Korea, Republic of Duration: 2012 Sept 6 → 2012 Sept 8

Publication series

Name	Lecture Notes in Electrical Engineering
Volume	181 LNEE
ISSN (Print)	1876-1100
ISSN (Electronic)	1876-1119

Other

Other	7th International Conference on Embedded and Multimedia Computing, EMC 2012
Country/Territory	Korea, Republic of
City	Gwangju
Period	12/9/6 → 12/9/8

Keywords

enterprise security architecture
secure information system
security engineering
security management
security risk analysis

ASJC Scopus subject areas

Industrial and Manufacturing Engineering

Access to Document

10.1007/978-94-007-5076-0_47

Cite this

Kim, YG & Cha, S 2012, Security engineering methodology for developing secure enterprise information systems: An overview. in Embedded and Multimedia Computing Technology and Service, EMC 2012. Lecture Notes in Electrical Engineering, vol. 181 LNEE, pp. 393-400, 7th International Conference on Embedded and Multimedia Computing, EMC 2012, Gwangju, Korea, Republic of, 12/9/6. https://doi.org/10.1007/978-94-007-5076-0_47

@inproceedings{23095469052e46b5a31df4d7ae938988,

title = "Security engineering methodology for developing secure enterprise information systems: An overview",

abstract = "The software engineering discipline has provided principles, methodologies, and tools for the development of information systems. Software engineering have also become a fundamental component to produce information systems and related software components which are cheaper, better and faster. Recently, many forms of security attacks against information systems have emerged that attempt to compromise the security of information systems and organizations. However, traditional software engineering is not adequate and effective for developing secure information systems. In this paper, we propose holistic, consistent, and integrated security engineering procedures for analyzing, designing, developing, testing, and maintaining secure enterprise information systems. The proposed security engineering methodology combines security risk control, enterprise security architecture, and security management as an integrated framework.",

keywords = "enterprise security architecture, secure information system, security engineering, security management, security risk analysis",

author = "Kim, {Young Gab} and Sungdeok Cha",

year = "2012",

doi = "10.1007/978-94-007-5076-0_47",

language = "English",

isbn = "9789400750753",

series = "Lecture Notes in Electrical Engineering",

pages = "393--400",

booktitle = "Embedded and Multimedia Computing Technology and Service, EMC 2012",

note = "7th International Conference on Embedded and Multimedia Computing, EMC 2012 ; Conference date: 06-09-2012 Through 08-09-2012",

}

TY - GEN

T1 - Security engineering methodology for developing secure enterprise information systems

T2 - 7th International Conference on Embedded and Multimedia Computing, EMC 2012

AU - Kim, Young Gab

AU - Cha, Sungdeok

PY - 2012

Y1 - 2012

N2 - The software engineering discipline has provided principles, methodologies, and tools for the development of information systems. Software engineering have also become a fundamental component to produce information systems and related software components which are cheaper, better and faster. Recently, many forms of security attacks against information systems have emerged that attempt to compromise the security of information systems and organizations. However, traditional software engineering is not adequate and effective for developing secure information systems. In this paper, we propose holistic, consistent, and integrated security engineering procedures for analyzing, designing, developing, testing, and maintaining secure enterprise information systems. The proposed security engineering methodology combines security risk control, enterprise security architecture, and security management as an integrated framework.

AB - The software engineering discipline has provided principles, methodologies, and tools for the development of information systems. Software engineering have also become a fundamental component to produce information systems and related software components which are cheaper, better and faster. Recently, many forms of security attacks against information systems have emerged that attempt to compromise the security of information systems and organizations. However, traditional software engineering is not adequate and effective for developing secure information systems. In this paper, we propose holistic, consistent, and integrated security engineering procedures for analyzing, designing, developing, testing, and maintaining secure enterprise information systems. The proposed security engineering methodology combines security risk control, enterprise security architecture, and security management as an integrated framework.

KW - enterprise security architecture

KW - secure information system

KW - security engineering

KW - security management

KW - security risk analysis

UR - http://www.scopus.com/inward/record.url?scp=84867476521&partnerID=8YFLogxK

U2 - 10.1007/978-94-007-5076-0_47

DO - 10.1007/978-94-007-5076-0_47

M3 - Conference contribution

AN - SCOPUS:84867476521

SN - 9789400750753

T3 - Lecture Notes in Electrical Engineering

SP - 393

EP - 400

BT - Embedded and Multimedia Computing Technology and Service, EMC 2012

Y2 - 6 September 2012 through 8 September 2012

ER -

Security engineering methodology for developing secure enterprise information systems: An overview

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this