This theoretical paper discusses a recent shift in cyber attackers’ interest away from traditional network and operating system vulnerabilities and towards application-level security flaws in end-user systems. The authors argue that this shift signals a strong need to re-examine the way that security is addressed during the systems development process. Most of the systems development methodologies currently used do not contain formal processes for dealing with the interconnected complexity and risks associated with today’s computing environments. Using systems theory as a theoretical lens, the authors analyze the fundamental processes of current systems development methodologies and discuss weaknesses in their ability to deal with these environmental factors. The authors then present a proposed holistic framework for integrating security into existing systems development methods. The paper concludes with a discussion of the need for more scholarly research in this area and offers suggestions for future research directions.
Young, Diana K.; Conklin, Wm. Arthur; and Dietrich, Glenn, "Re-examining the Information Systems Security Problem from a Systems Theory Perspective" (2010). AMCIS 2010 Proceedings. 375.