Information Systems are increasingly becoming essential to the success of business organizations. They play a central role in the success of almost all components of the organization such as business decision-making, business strategy formulation, business goal modeling, managing organizational resources, structure, managing organizational data etc. However, protecting information systems and organizational resources from security threats is a critical task in the management of the business, which alternately, negatively affects the alignment process between business and information systems. Managing information security within business organizations calls for a clear understanding of the viewpoint of business and the architecture of the system that is being used in the organization. This paper presents a requirements engineering based approach to modeling and maping the issue of information security at an early stage of the system’s development life cycle in the context of alignment between business and information systems.


information security, risk management, risk analysis, business-IS alignment, requirements engineering


ISBN: [978-1-86435-644-1]; Full paper