When developing an information system (IS), most organizations have preferred a traditional add-on approach, in which commercial security products are added after the IS development project is finished. However, a number of recent IS security incidents indicate that this approach does not guarantee IS security, because commercial products are not designed for a specific organization's IS environment. As an alternative, previous studies have suggested that organizations integrate the security engineering (SE) process with software development lifecycle (SDLC) process standards. Unfortunately, only a few studies have tried to suggest integration models, and those models are limited. In this paper, as a practical way to develop secure IS, we suggest two SE process models. First, we develop a generalized SE model that includes all SE activities through the whole SDLC. Second, we suggest a process integration model that interweaves SE with IEEE/EIA 12207 through Delphi analysis.
Lee, Younghwa; Lee, Zoonky; and Lee, Choong Kwon, "A Study of Integrating the Security Engineering Process into the Software Lifecycle Process Standard (IEEE/EIA 12207)" (2000). AMCIS 2000 Proceedings. 182.