Säkerhetstänkande integrerat i systemdesign via formaliserade metoder
InformationSäkerhetSystemutvecklingsmetoderUtvecklingskontextInformaticsSystems theoryInformatikSystemteoriMathematics and Statistics
Systems development methods mirror different organizational perspectives, and not all methods are formalised, but what they have in common is the purpose of structuring and supporting systems development processes. Which method would be the most suitable may be determined by the systems development context at hand, because every systems development context is unique. Information is a valuable asset in today?s organizations, and it needs to be protected against both internal and external security threats. In our essay we aspired to find and present suggestions as to how systems developers can include security in the very design based on formalised systems development methods to create systems that are better prepared to meet the security challenges of today. Based on our theoretical foundation and our empirical studies at a major IT company, we found that the importance of security is constantly increasing, and that it is wise of systems developers to be aware of the tremendous importance of integrating security thinking into their systems as early as possible. We also found that formalised systems development methods could successfully be combined with added elements, in this case threat analysis and security planning. Connecting security planning to formalised methods for systems development could be a good way of accommodating the increasing need of security work right at the beginning of a systems development project. Keywords: systems development methods, development context, security, information