Journal of the Association for Information Systems


Many alternative methods for designing secure information systems (SIS) have been proposed to ensure system security. However, within all the literature on SIS methods, there exists little theoretically grounded work that addresses the fundamental requirements and goals of SIS design. This paper first uses design theory to develop a SIS design theory framework that defines six requirements for SIS design methods, and second, shows how known SIS design methods fail to satisfy these requirements. Third, the paper describes a SIS design method that does address these requirements and reports two empirical studies that demonstrate the validity of the proposed framework.