Abstract—The existing information system (IS) developments methods are not met the requirements to resolve the security related (IS) problems and they fail to provide a successful integration of security and systems engineering during all development process stages. Hence, the security should be considered during the whole software development process and identified with the requirements specification. This paper aims to propose an integrated security and IS engineering approach in all software development process stages by using i* language. This proposed framework categorizes into three separate parts: modelling business environment part, modelling information technology system part and modelling IS security part. Booking hotel room management process is used as a case study to validate the proposed framework. The results show that considering security IS goals in the whole system development process can have a positive influence on system implementation and better meet business expectations.
Index Terms—Case study, information system, requirement engineering, software development process, security goals.
A. Y. Author is with La Trobe University, Bundoora, VIC, 3086,
Australia (phone: +61 405099952; e-mail:
yaalotaibi@students.latrobe.edu.au).
F. L. Author is with La Trobe University, Bundoora, VIC, 3086,
Australia (phone: +61 3 9479 1949; e-mail: f.liu@latrobe.edu.au).
Cite: Youseef Alotaibi and Fei Liu, "How to Model a Secure Information System (IS): A Case Study," International Journal of Information and Education Technology vol. 2, no. 2, pp. 94-102, 2012.