Secure information systems design theory is an area of information security that continues to need additional research. Models such as Siponen et al. provide a theoretical framework for SIS design that organizations and security practitioners can implement and utilize. However, further research and development is needed to continue to meet modern threats.
When developing information systems, data modeling represents a key aspect of the requirements analysis phase. The criticality of the data model stems from the fact that the characteristics of the data govern all other aspects of an information system.
The Hofmeister, Nord, and Soni article provides a useful overview of the Global Analysis methodology. Software architects seeking to improve the traceability of the software development lifecycle would be advised to read Hofmeister et al and implement Global Analysis as an architectural tool.
The systems development lifecycle (SDLC) is a broad term that encompasses the methods that an organization uses to design, deploy, and maintain the systems that fulfill the information technology (IT) and business strategies. Hoffer, George, and Valacich (2010) define the systems development lifecycle as, “the traditional methodology used to develop, maintain, and replace information systems” (Hoffer, George, and Valcich, 2010, p. 7). One of the key phases of the SDLC is systems analysis and design, which focuses on gathering and analysis of requirements and design of information systems to meet those requirements.
Many organizations are implementing biometric access controls to help ensure security policies are effective. By incorporating a biometric into authentication and identity verification procedures, an extra measure of precaution is taken that improves the certainty that the person is who they say they are. Biometrics utilize physical, behavioral, a combination of both physical and behavioral characteristics to identify a person (Zorkadis and Donos, 2004). Of the many biometrics available for use, fingerprinting is one of the oldest and most widely used.
Service or cloud computing offers significant cost and scalability benefits for businesses. Businesses leveraging service based information technologies must mitigate privacy, security, and portability risks. The risks are manageable and, in light of the benefits, businesses should pursue a cloud computing strategy where feasible.
When using company assets, employees generally do not have a reasonable expectation of privacy. As shown by the case of Smyth v. Pillsbury, even in cases where a private e-mail account interfaces with a monitored business e-mail system, the employee should not have an expectation of privacy.
Aerospace and defense contractors that work with the US Department of Defense are required to comply with one or more regulations governing security and the handling of classified information. The National Industrial Security Program (NISP) provides compliance requirements for private industry handling classified information on behalf of the US government. Specifically, the NISP publishes the National Industrial Security Program Operating Manual (NISPOM). NISPOM Chapter 8 provides certification and accreditation requirements for facilities processing or handling classified information. Similarly, the Director of Central Intelligence Directive 6/3 (DCID 6/3) defines the certification and accreditation processes for information technology projects that require Top Secret (TS) or Secure Compartmentalized Information (SCI) clearances.
Management of the information technology (IT) applications portfolio is an important undertaking for businesses that seek to optimize the IT investment. As Ward and Peppard (2002) state, “The applications portfolio concept, […] is a means of bringing together existing, planned and potential information systems and assessing their business contribution” (Ward & Peppard, 2002). Managing the [...]
The value chain views an organization as a series of input, transformation and output stages, where at each stage it may be possible to enhance an organization’s competitive position. Over the last 25 years, value chain analysis has evolved and matured from an analytical technique first introduced in the mid-eighties into an engineering and management methodology, known as value engineering, that enables more efficient and effective business and IT alignment.
Send me an e-mail message.
Call me at (520)762-4962
Connect via Skype:
Schedule a meeting:
@itbrian on:
