Security Engineering Methodology Based on Problem Solving Theory

  • Conference paper
Computational Science and Its Applications - ICCSA 2006 (ICCSA 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3983)

Abstract

This paper addresses the difficult problems that organizations face in business environments when they try to solve information security issues, and proposes an integrated methodology for security engineering. The contributions of this paper are summarized as follows. The first is a set of requirements for a security engineering methodology, based on the model of ill-structured problem solving. The second is a framework that integrates various methods and tools of security engineering. The third is a proposed process model and components that support the entire lifecycle of security management.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Lee, H.J. (2006). Security Engineering Methodology Based on Problem Solving Theory. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_70

  • DOI: https://doi.org/10.1007/11751632_70

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34077-5

  • Online ISBN: 978-3-540-34078-2

  • eBook Packages: Computer Science, Computer Science (R0)
