In developing an information systems (IS), most organizations have preferred a traditional add-on approach that adds commercial security products after an IS development project is finished. However, a number of recent incidents with regard to IS security indicate that this approach does not guarantee IS security because commercial products are not designed for the specific organizational IS environments. As an alternative solution, previous studies suggested that organizations integrate both the security engineering (SE) process and software development lifecycle (SDLC) process standards. Unfortunately, a few studies tried to suggest the limited integration models. In this paper, as a practical way for the development of secure IS, we suggest two SE process models. First, we develop the generalized SE model that includes all SE activities through the whole SDLC. Secondly, we suggest the process integration model that interweaves SE with IEEE/EIA 12207 through Delphi analysis.