Development of Web-based e-commerce systems has posed challenges in different dimensions of the software development process, including design, maintenance and performance. Non-functional requirements such as performance that are added to a system as an afterthought lead to extremely high cost and undesirable effects. Security, rarely regarded in the past as one of the non-functional requirements, has to be integrated into the software development process because of its impact on e-commerce systems. In this paper, a design methodology based on the systems security engineering capability maturity model (SSE-CMM) is proposed to specify design details for the three defined processes: risk, engineering and assurance. By means of an object-oriented security design pattern, security design covering impact, threats, risks and countermeasures for different parts of an e-commerce system can be examined systematically in the risk process. The proposed software development process for secured systems (SDPSS), representing the engineering process, consists of four steps: object and collaboration modeling, tier identification, component identification and deployment specification. Selected unified modeling language (UML) notations and diagrams are used to support the SDPSS. Using a simplified supply-chain e-commerce system as an example, integration of security design into the software development process is shown, with discussion of possible security assurance activities that can be performed on a design.
Integrating security design into the software development process for e-commerce systems

Research Article, published 1 August 2001 in Information Management & Computer Security (2001) 9 (3): 112–122.
Publisher: Emerald Publishing. Online ISSN: 1758-5805. Print ISSN: 0968-5227. © MCB UP Limited 2001.

Citation: Chan M, Kwok L (2001), "Integrating security design into the software development process for e-commerce systems". Information Management & Computer Security, Vol. 9 No. 3, pp. 112–122, doi: https://doi.org/10.1108/09685220110394758