Information Systems Principles for Developing Secure Information Systems

Even though there have been several Information Systems Security (ISS) methods put forward, especially the ISS design theory framework and six kernel theories with distinctive principles of Siponen and Iivari (2006), these methods very often lack security features referencing the actual users themselves. This study proposes that, when developing secure systems without design principles focused on end users, efficient and effective secure system designs cannot be achieved. This study coalesces the principles of these works with the principles proposed by Siponen and Iivari (2006) in order to better understand the relationships among styles of thinking by end users in making systems security decisions. This is by nature an interdisciplinary undertaking, which in turn identifies those assumptions about the characteristics of systems thinking that can be used to design secure system, built upon end user considerations. And by focusing secure systems design principles on the end user, future ISS will be become more efficient and more secure.