Abstract
This paper addresses the difficult problems that organizations face in business environments when they try to solve information security issues by proposing an integrated methodology for security engineering. The contributions of this paper are summarized as follows. The first is a set of requirements for a security engineering methodology, derived from the model of ill-structured problem solving. The second is a framework that integrates various methods and tools of security engineering. The third is a process model, with its components, that supports the entire lifecycle of security management.
© 2006 Springer-Verlag Berlin Heidelberg
Kim, S., Lee, H.J. (2006). Security Engineering Methodology Based on Problem Solving Theory. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_70
DOI: https://doi.org/10.1007/11751632_70
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34077-5
Online ISBN: 978-3-540-34078-2