Proceedings of the 17th World Congress

The International Federation of Automatic Control
Seoul, Korea, July 6-11, 2008

Systems Security Problems and Cultural Meanings in Control and Automation
Systems: Empirical Evidence for Value Conflicts in Systems Engineering
Amanda Freeman*, Dr Larry Stapleton* & Dr Gabriel Byrne**

*ISOL Research Group, Waterford Institute of Technology
**Smurfit Business School, University College, Dublin

Abstract: Automation and control systems such as integrated enterprise information technologies and
distributed telemedical system architectures require highly secure information processing environments to
ensure that costly (and even fatal) errors do not occur. However, research into systems development
methodologies shows significant gaps in the treatment of systems security. Many methodologies do not
specifically include security and privacy considerations within their frame of reference. As a consequence,
recent studies of information control and management systems have shown that, in a global context, many
organisations are at a significant security risk. In this paper we examine five of the most common system
engineering methodologies cited in the literature, and we examine to what extent each of these
methodologies incorporates security and privacy as part of the systems development process. This paper
also presents empirical evidence to support the proposition that, as regards system security, high
technology engineering education is at odds with the core values of students of systems engineering. This
has major implications for the development of secure systems in a globalised economic context. The
evidence shows how students from a wide variety of cultural backgrounds come into degree programmes
valuing security highly, but the education programmes do not address systems security in very much

1. THE IMPORTANCE OF HUMAN VALUES The objective of this paper is demonstrate, how system
engineering methodologies are out-of-step with the security
There has been a growing interest in recent years in the and privacy values of young technologists from different
analysis of human values (Kluckhon, 1951; Rokeach, 1973; cultures. In order to achieve this objective the following
Schwartz and Bilsky, 1987, 1990). Schwartz (1990, 878) research question will be addressed: Do current systems
defines values as “concepts or beliefs, that pertain to desirable engineering methodologies reflect the values of young
end states or behaviours, they transcend specific situations, technologists in terms of security and privacy values?
guide selection or evaluation of behaviour and events, and are
ordered by relative importance”. Values play a key role in 2. SYSTEMS ENGINEERING SECURITY
human activity as they provide strong explanations of DEVELOPMENT
behaviour. Knowing persons values enables us to predict how
he or she will behave in various experimental and real-life The protection of information plays a vital role in automation
situations (Rokeach, 1973). Values also play a key role in our and control technologies. However, research shows that
decision making. Research into values has provided valuable companies are still suffering from serious security breaches
insights into individual, group and organisational levels of (PricewaterhouseCoopers, 2005; CSI/FBI, 2005, Freeman and
analysis. Schlienger and Teufel (2003) believe that every Doyle, 2006). Many researchers argue that a significant
organisational culture expresses core values that are shared by amount of these breaches are caused by poor software design
the majority of the organisations members. Sarros and (McGraw and Wyk, 2005; Villarroel et al., 2004). One of the
Santora (2001) assert that organisations with strong cultures reasons given for this is that security is generally only
and clear values increase their chance of success and considered in the systems engineering process after the system
longevity. Barrett (1998) attributes a strong organisational has been developed (Mouratidis et al., 2004; Villarroel et al.,
culture to be one where values are shared amongst staff and 2004). McGraw and Wyk (2005) argue that one of the
management. reasons for this is that system engineers are not security
specialists. Dhillon (1995) and Ghosh et al., (2002) believe
Whilst many researchers have mentioned the role of values in that in order for a system to be secure it is vital that system
systems engineering development (Hedberg and Mumford, engineers work with security specialists. According to
1975; Kling, 1978; Dagwell and Weber, 1983; Kumar and Baskerville (1993, 377) “what is missing in many instances is
Welke, 1984; Mumford, 2000; McGuire et al., 2006) there is a the involvement of concerned users, enlightened developers,
paucity of academic research that examines values in terms of experienced security specialists or other parties who
systems engineering security development. understand how to incorporate controls into systems while the
systems are still in development”.

978-3-902661-00-5/08/$20.00 © 2008 IFAC 6691 10.3182/20080706-5-KR-1001.2195

One novel way of analysing the role of stakeholders in system According to Dennis et al. Essentially both models are similar design. logical systems specification and physical activities model of SSM.. It is possible that a reason for this could be the system.3 Soft Systems Methodology SSADM (Structured Systems Analysis & Design The Soft System Methodology was developed by Peter Methodology) is one of the most widely used ‘hard’ Checkland as a way to deal with problem situations in structured methodologies. sequence diagrams which are used to community. 2008 Therefore it is vital that systems security engineering perspective of objects (things. In 1990 Checkland steps as. 1984. 1998. development involves all the stakeholders within the business. class diagrams which are used to describe the that security is not valued in the systems engineering structure of the systems. UML itself is not a methodology. it Dhillon. Dhillon. There are five stages in the Multiview methodology emphasise the problem domain and logical solution from the and according to Avison and Wood-Harper (1990) these 6692 . By making value stances explicit it helps us to driven. architecture centric. construction and implementation stages of development. it only METHODOLOGIES AND THE EXTENT TO WHICH focuses on security in terms of authentication.1 SSADM 3. However. Korea. It is said to be a data driven component involved. and it is for this reason that it was development where there is a high social. requirements revised the SSM 7 Stage Model and presented the four- specification. most 3. It is a highly structured methodology that (Checkland. use case involved. Nonetheless. political and human chosen for review in this paper. at to what extent each of these methodologies incorporate activity diagrams which describe the system in terms of security as part of the development process. or entities) (Larman. and informal walkthroughs where each development. Unlike the other methodologies mentioned in this paper UML does take security into account in the systems 3. Freeman and Doyle. 1995). 199) as a mentioned briefly in terms of access privileges and “methodology that explicitly attempts to reconcile ideas from unauthorised access (Goodland and Slater. feasibility study. (2006) any object-orientated security engineering is to look at the values of each group approach to developing information systems must be. concepts. 1998). use case diagrams which are used at the behind advances in general system development requirements elicitation stage to represent the functionality of methodologies. 2000. Goodland and Slater (1997) define the essential to include people in the model.17th IFAC World Congress (IFAC'08) Seoul. the authors of UML have system engineer tends to be based on their values (Kumar and provided the Unified Process (UP) as a suitable methodology. interpret the meanings various groups have assigned to The OO methodology focused on in this paper is the Unified particular issues relating to system security engineering Modelling Language (UML) Unified Process (UP). orientated perspective”. Checkland (1999) argues that it is easy to model stages and steps has defined inputs and outputs (Avison and data and processes. Orvik et al. Version 4 of SSADM consists of five stages and it focuses on ‘soft’ problems in systems development as each stage is made up of a series of steps which use opposed to ‘hard’ problems that are more technically appropriate techniques for the tasks involved. is a modelling notation that provides a variety of modellling diagrams. 85). OVERVIEW OF SYSTEMS ENGINEERING design phase and also in the testing phase. 3. but it does not stipulate underlying process for Research shows that the type of methodology chosen by a developers to follow. 1997). This methodology focuses on the ‘soft’ side of stage is signed off before developers move on to the next systems development and there is no specific reference to stage. 2006). Carew (Kling 1978). For example it is widely accepted that both and Stapleton (2004. state diagrams are used account of some of the most widely reviewed system to describe the behaviour of an individual object as a number engineering methodologies in the literature and we will look of states and transition between these states and finally. It is a seven stage/4 activities systems methodology as it places a large emphasis on data modeling thinking approach for unstructured problems in the real world and the database. Each of the orientated. not provide any support for the planning. 2001.. As a methodology it looks at both the human and technical aspects The essence of object-orientated analysis and design is to of ISD. access controls THEY ADDRESS SECURITY ISSUES and encryption. July 6-11. activities. and iterative and incremental. several information systems development approaches. requirements analysis. 6). After each stage users are involved in formal quality in that they both focus on the ‘soft’ aspects of systems assurance reviews. The only emphasis 3. but to understand the real world it is Fitzgerald. describes UML as “a graphical management and staff play a key role in the implementation modelling language for specifying systems from an object- and success of a system (Dhillon and Backhouse. What makes the Soft System provides very detailed rules and guidelines to project Methodology different from most other methodologies is that developers.2 Object Orientated (OO) Methodology – (UML/UP) notable the Soft System Methodology (SSM)”. According to Bruegge and Dutoit (2000) describe the five types of notation Baskerville (1993) advances in security methodologies lag used in UML as. Welke. 1995. security is only Multiview is described by Iivari (2000. However. In the following section we will give a brief formalise the behaviour of the system.4 Multiview placed on security in the SSADM methodology is in the requirements specification stage. A weakness in SSADM as a methodology is that it does security. 1999).

honouring working life and enhanced job satisfaction of the users must parents and elders. Mumford (2000) believes that an improved quality of life. and this discussion takes place as part of a case study. biologically based needs of the entities and functions of the system. accepting one’s portion in 1995). Conformity (obedience. varied life. Benevolence (helpfulness. curiosity. beauty of nature and arts. social interaction requirements for interpersonal user participation. freedom. ”. wealth). developing alternative design emphasise self-restriction and order) versus Openness to strategies. 2005. In order to understand how values can be suggesting that a high score on the bipolar value of Openness explored the next section reviews the literature on measuring to Change and Self-direction would indicate systems personal values. ETHICS (national security. Schwartz and Bilsky and design of socio-technical aspects. The selfish concerns and promote the welfare of others) versus role of the developer in ETHICS is very different to the role Self Enhancement (whether people are more motivated to of the developer in the previously mentioned methodologies. etc. diagnosis of user needs. is a seven stage methodology based on the participatory reciprocation of favours (Lindeman and Versasalo. the second stage analyses universal requirements which are. choosing one’s own goals).17th IFAC World Congress (IFAC'08) Seoul. stimulation can see that with the exception of SSADM and the Object. Universalism (broad mindedness. an exciting life). creativity. exciting life. choosing ones own goals. The 4. analysis of information. 2005). ambition. 1992). politeness) and Security be a major objective of the systems design process. The personal value the system engineering process after the system has been of privacy is also included in the value type ‘Self-direction’ developed. approach to information systems development. Whilst universal requirements of human life. design of the human (1987) devised a theory of universal types of values as criteria computer interface and design of technical aspects. self- indulgence). social order. Stimulation (daring. hardware Change (whether people are ready for new experiences and and software selection. forgiveness. ETHICS takes the view that in order for nature. This research we will be focusing on the personal value of privacy in terms of measuring security beliefs. The first by viewing values as cognitive representations of three stage looks at the organisation itself. which are. The fourth stage is welfare and survival. a world at peace. enhance their own personal interests even at the expense of in that the developer together with the user develops the others). Stage three includes the organism. a varied and challenging 3. setting efficiency and job dimensions. These two dimensions reflect the different systems. Avison and Wood-Harper (1990) believe this is a vital step as In order to measure values of individuals Schwartz developed the way in which users interact with a system plays an the Schwartz’s Value Survey (SVS) (Schwartz. Hedonism (gratification of desires. engineers to be visionary types of people with a sense of self respect for the personal value of privacy. 1990). environmental protection). Participation plays a role in Transcendence (whether people are willing to transcend many methodologies. Effective Technical and Human Implementation of Computer. Security is not mentioned in the ETHICs motivational goals of the 10 basic values and the two major methodology. curious. self-discipline. This section gave a broad overview of some of the most commonly cited system engineering methodologies that are One could argue that high achieving systems engineers would covered in the literature. equality. July 6-11. responsibility). Korea. MEASURING PERSONAL VALUES IN SYSTEMS stages in Multiview are as follows: ENGINEERING Analysis of human activity. influence on people and events). strategy selection to achieve objectives. (respect for tradition. loyalty. concerned with the implementation of the computer interface. Looking at these methodologies we score high on Openness to Change (self-direction. but it plays a vital role in ETHICS. family security. When people 6693 . may help to explain why security is often only considered in freedom. authority. Tradition organisational and social factors (Avison and Fitzgerald. based System (ETHICS) is a methodology developed by Enid social justice. security (not Orientated methodology security is not considered. modesty).) versus Conservation (tradition. enjoyment in life. Achievement (success.. devotion. conflicts that organise the whole value system (Lindeman. humbleness. Form this we can see that if systems engineers tend to value The personal values of Openness to Change include those the less structured methodologies there is a greater chance that values valued by all stakeholders of the development process security will not feature in the development process. unity with Mumford. implementation and systems emphasise independent action and thought) and Self evaluation (Mumford. 2008 stages aid in answering all the vital questions of users. Finally in the SVS 57 values are used to represent 10 motivationally the fifth stage the developer focuses on the efficient design distinct value domains that are theoretically derived from and the production of a full system specification.5 ETHICS life. Self-Direction (privacy. 177). In important role in whether users’ accept a system. Conservation (whether people resist change and satisfaction objectives. wisdom. The seven Results of these 10 domains have shown to load two bipolar stages are. to be confused with computer security)). Power security is mentioned in Multiview it is only briefly discussed (social power. to identify how the system can be fitted coordination and social institutional demands for group into the users’ working environment. analysis Based on the work of Rokeach (1973). independence. This namely: creativity. conformity. technology to be successful it should fit closely with honesty. daring. cleanliness. capability.

21) and Non-Irish (5. Irish From this table we can see that the top four values that Irish technologists value as guiding principles in their life are: Self-direction (5.278 fill in. Self-Enhancement there is very little difference between the China. RESEARCH METHOD – PARTICIPANTS AND on Openness to Change (32.39). Italy. with the Non-Irish technologists participation was voluntary and that all information would be valuing it even less than the Irish technologists.33 2. Pakistan. (23.79 2. Values N Mean Std. This indicates that if a system engineer tended to favour the less structured methodologies there is a greater chance that security would not appear in the system 6694 .21).21 1. In the SSVS.74) 7. In terms of Self- Enhancement the Non-Irish technologists score slightly lower The sample consists of Irish computing students (78. 3 important. In terms of (21. 125 2. with Self-direction scoring highest A review of five of the most commonly cited methodologies with both Irish (5.81 2.13% terms of Irish and Non-Irish technologists.453 32 2.39) participants. 171) argue that. Achievement (4. 2001).82 1. The fact that both groups scored highly on The sample consists of 161 participants representing a Openness to Change and Conservation. and may take up too much space on a questionnaire’. and South Africa .82).181 SVS.69% 22. Participants were asked to rate the motivating factor in what they do. Irish participants (22. by asking respondents to rate the importance of the Direction ten values directly could Conservation and Self Universalism 126 3. Ukraine.06 2. FINDINGS Change Irish 32.74 1. N Mean Std.738 Tradition Returning to the research question: Do current systems Conformity 125 2.82% 17.09 1.913 32 3.98 2.009 34 4. ‘in many Dev Dev studies. The 7 of supreme importance following section presents and interprets the findings of this study. SYNTHESIS OF FINDINGS and Security (4.78%) than the Irish participants (19. This would treated confidentially. Lindeman and Verasalo (2005) set out Self. Malawi. In terms of foreign technologists the top for values they value as guiding principles in their life are: In section 4 we asked the research question: Do current Self-direction (5.22 2.31. Spain. to answer this question a survey was conducted.43 2.519 to see if. Sudan.43%) PROCEDURES as do their Non-Irish counterparts.87 2.352 Transcendence be reliably and validly examined with a 126 4.9% Table 1 compares the mean scores for each of the 10 values in Non. 3 (important) to Table 2: Comparison of Bipolar Domains 7 (of extreme importance). they often mean data confidentiality. In terms of Self-Enhancement both participants were told that the study concerned values and that groups scored quite low. Benevolence (4. 0 (not important).003 33 4.39 1. Nigeria.305 34 3.086 Benevolence shortened version of the Schwartz’s Value Survey.9%) and the Non-Irish participants Poland. which they called the Short Schwartz’s Value Survey Stimulation 124 4. Openness Conservation Self. Korea. which is appropriate for a preliminary technologists in both groups are independent thinkers who study of this nature. If we want to protect information we have to Irish Non-Irish ensure that the appropriate security measures are in place. a scale with 57 items may be too time consuming to Power 124 2.17th IFAC World Congress (IFAC'08) Seoul.78% 23.9%) and (17.97%) and Conservation (24.50). Self- to Enhance Trans 6. In order to have privacy we must have security (Ghosh.160 With that in mind they developed a shorter version of the Hedonism 123 3.44 2. Benevolence (4.17).50 2.94 2.660 33 4. Security (4. Russia.29 2.87).79) and systems engineering methodologies reflect the values of Universalism (4.423 32 3.87 2.722 technologists in terms of security and privacy values? In order -1 = opposed to my principles.315 33 3.26% 27. the convenience sample. Table 2 illustrates that the Irish technologists score quite high 5. The of order in what they do. shows that.17 2.84 2. These findings show us that participants young technologists in terms of security and privacy values? do in fact value privacy.094 (SSVS). in the literature shows us that with the exception of SSADM and UML/UP security does not appear in any of the other three methodologies. importance of each value as a guiding principle in their life.368 engineering methodologies reflect the values of young Security 125 4. 2008 talk about security. France.13%).641 33 5. 0 = not important.69%). Table 1: Mean Value Scores for Irish and Non-Irish Clearly there is some relationship between security and Technologists privacy. The 10 values were rated on a 9-point scale ranging from -1 (opposed to my principles).43% 19. The respondents ranged from first year embrace new challenges but they also have a certain amount computing students up to computing master’s students.261 34 4. July 6-11. Lindeman and Verasalo (2005. Using the Short Schwartz’s Value indicate that while these technologists do to some extent want Survey participants were presented with the name of a value to enhance their own personal interests it is not a huge along with its value items.1%) of foreign students from the following countries. England.97% 24. Achievement 125 4. 126 5.

Korea. J. D. (1993) Information Systems Security Design investigated in this paper are commonly taught in colleges Methods: Implications for Information Systems Development. Prentice Avison.. Engineering and Technology (IRCSET). 14-16. Howell. R. IN Caplinskas.. Garavan. K. A. & Welke. Journal of Personality Development: Methodologies. Communications of the core values of students in systems engineering. Techniques and Tools. technologist’s values in terms of security and privacy. G. & Mumford. (1998) Applying UML and Patterns: An Introduction to Object-Orientated Analysis and Design.. B. (7). E. R.17th IFAC World Congress (IFAC'08) Seoul. D. E. M. C. Systems Practice. T. 125-128.79. New values of students in terms of security and privacy. 11. International Journal of Manpower. (1978) Value Conflicts and Social Choice in Electronic high technology engineering education is out of step with the Funds Transfer System Developments.. 165-172. Lindeman. This the Role of Information Systems Security in SMEs in the South reflects the low value that systems engineering places on East of Ireland. Wiley. School of Economics and Political Science. & Shah. management systems. It is also Dhillon. R. McGraw Hill. This we Jersey. A. (5). Cambridege. H. D. Journal of Information methodologies do not even consider security as part of the Systems. cultural background the young technologists who took part in Iivari. E. MA.). & Versasalo. R. (1984) Implementation Failure and This research has been funded by the Irish Research Council System Developer Values: Assumptions Truisms and Empirical for Science. McGraw. (1983) System Designers' User Models: A Comparative Study and Methodological Critique. M. University of London. Kluckhohn. J. 17. (2006) The Barrett. Evidence. R. J. CONCLUSION and Understanding Related Information Security Concerns. New 8. different methodologies and we also acknowledge that in Dennis. Making by Line Managers. & Whittiaker. (3). & Wood-Harper. (2001) Violations of Safeguards by Trusted Personnel 9. LIMITATIONS OF THE STUDY York. W. (2000) Information System Security systems is a vital component of the systems engineering Management in the New Millennium. & Slater. (1995) Information Systems Short Schwartz's Value Survey. (3). T. & Klein. Dhillon. This shows us that high technology ACM Computing Surveys. methodologies in the literature which are also some of the Hedberg. explain why some many companies still suffer significant Wojtkowski. & Stapleton. McGuire. (2). P. New Assessment. 251-273. Springer. (2002) Building Software current engineering methodologies reflected young Securely from the Ground Up. yet security and privacy are often not ACM. We Goodland. (1998) Liberating the Corporate Soul. A. (2000) Object-Orientated Software Engineering: Conquering Complex and Changing Systems. Checkland. 85. Wojtkowski. R. (Ed.. EUTIC06 Colloquium. Developing and designing secure automation and control Dhillon. 43. University of Brussels. In this paper we only examined five methodologies that are Computer Security Institute. ACKNOWLEDGEMENTS Kumar. 376-414. (4). IEEE Security & Exploration in Information Systems Development. (8). July 6-11. 25. & Roth. & Wrycza. H. believe cause serious value conflicts for system engineers. Privacy. E. D.. London. around the world. Human Choices and Computers. (2). 642-657. & Backhouse. (1999) Systems Thinking. (2005) Measuring Values With the Avison. Hirschheim. Impact of Individual Values on Human Resource Decision- Heinemann. 75. O. Freeman. Zupancic. The findings show that regardless of Design Process. & Fitzgerald. that in practice quite often organisations use a combination of Communications of the ACM. Arizona. most commonly referred to in the literature. New Jersey. New Jersey. Butterworth. Life Cycle. Woburn. J. (1975) The Design of Computer most commonly taught systems engineering methodologies in Systems: Man's Vision of Man as an Integral Part of the Systems higher education. & Weber. A. 26. IEEE Software. & Wyk. S. Communications of the development process. 21. Computers and Security. engineering education is possibly out-of-step with the core Bruegge. A. Wixom. 179-219. & Dutoit. McGraw Hill. Practice. The Fifth International Conference of Information Systems. & Donnell. & Doyle. R. The aim of this paper was to see if Ghosh.) Information Systems Development: Advances in Theory. may use a methodology not mentioned in this paper. Harvard Business Press. (1997) The Information Systems Development Hall.. C. London. G. in Parsons. 978-995. 10. We have Framework for Classifying Information Systems Development shown that some of the most common system engineering Methodologies and Approaches. K. 6695 . R.. development process. Saha. We acknowledge Dagwell. 3. G.. Amsterdam. (1995) Interpreting the Management of Information important to highlight that there are many standalone security System Security. B.. D. other cases some organisations may use no methodology or Wiley. P. CSI/FBI (2005) Computer Crime and Security Survey 2005. 20. J. methodologies been developed regularly. C. North-Holland Publishing Company. and Education. G. And this we ACM. believe has major implications for the development of secure Carew. Also as the five methodologies Baskerville.. This we believe this shows that current Kling. 27. A. L. REFERENCES Larman. (2005) Bridging the Gap Between Software Avison. C. G. MA. (11). (1997) SSADM: A Practical Approach. (2006) Systems Analysis Design. (2001) A Dynamic this study do in fact value security and privacy. (1951) Values and Value-Orientation in the Theory of Action. M. Lithuania. Tuscon. York. Shils. security and privacy. examined some of the most cited system engineering London. K. L (2006) An Exploratory Study Investigating considered until after the system has been developed. 2008 development process upfront. (2004) Towards a Privacy Framework for systems in a globalised economic context. Prentice Hall. McGraw Hill. B. T. (1990) Multiview: An Development and Information Security. McGraw Hill. London. It could help to Information Systems Development. 170-178. S. In Toward a General Theory of Action. security problems with their information control and (Eds. G. Feb 2002.

H. 58. Journal of Personality and Social Psychology. (1990) Toward a Theory of the Universal Content and Structure of Values: Extensions and Cross-Cultural Replication. 22. G. Schlienger. IEEE Computer Security. Journal of Personality and Social Psychology. (Eds. J. Wojtkowski. Rokeach.. Leadership and Organization Development Journal. M. 2008 Moutatidis. & Teufel. (2003) ‘Analyzing Information Security Culture: Increased Trust by an Appropriate Information Security Culture’.. E.17th IFAC World Congress (IFAC'08) Seoul. (2000) A Socio-Technical Approach to Systems Design. P. Collier Macmillan Publishers. & Santroa. Fifth Mexican International Conference in Computer Science (ENC'04). Mumford. 2005. W. D. Wojtkowski. 243-248. H. 878-891. & Manson. E. T. Mumford. E. Advances in Experimental Social Psychology. M. Olsen. H. 6696 . 125-133. Schwartz. (1987) Toward a Universal Psychological Structure of Human Values. (5). S. 1- 65. W. (1973) The Nature of Human Values. (1992) Universals in the Content and Structure of Values: Theoretical Advances and Empirical Tests in 20 Countries. July 6-11. Giorgini. PricewaterhouseCoopers. (3). (1990) Designing Human Systems for New Technology. (1998) Deployment of System Development Methods. Slovenia. & Piattini. (30). U. H. J. & Bilsky. PricewaterhouseCoopers (2005) Information Security Breaches Survey 2005..) Evolution and Challenges in System Development. H. Medina.. (5). & Wrycza. Sarros. Orvik. W. Villarroel. Proceedings of the International Workshop on Database and Expert Systems Applications (DEXA’03). Bled. Manchester Business School Press. S. 25. Information Systems Journal. S. 609-629. S. Requirements Engineering. G. & Bilsky. (2004) Incorporating Security Issues in the Information Systems Design. (2001) Leaders and Values: A Cross-Cultural Study. (2004) When Security Meets Software Engineering: A Case of Modelling Secure Information Systems. R. 550-562. Schwartz. S. 53. London. IN Zupancic. Schwartz. T. W. M. Korea. & Ssin.. J..