Original Articles

Security and Privacy Governance: Criteria for Systems Design

Pages 3-30 | Published online: 10 Sep 2014
 

Abstract

Security and privacy issues are often an afterthought when it comes to systems design. However, failure to address these issues during analysis and design could result in catastrophic effects such as an erosion of trust among those in the stakeholder community once a loss of privacy is experienced, along with the additional expenditures that are necessary to secure a system that has been compromised. We present a conceptual model for creating subsystems of security and privacy governance that are integral parts of the system architecture. Additionally, we propose that knowledge created or acquired during the development and use of the system, especially knowledge about security and privacy, be well documented and stored within a Knowledge Management System (KMS). Viewing, updating, and manipulating the knowledge database throughout the life of the system can enhance its success. In addition, as a knowledge repository, a KMS can contribute to best practices in the development of future systems.

Additional information

Notes on contributors

Jan Guynes Clark

Jan Guynes Clark is a professor at The University of Texas at San Antonio in the Department of Information Systems and Technology Management. She has a Ph.D. from the University of North Texas, and is a Certified Information Systems Security Professional (CISSP). Her research interests include the impact of information technologies on productivity and performance, information security, and IS strategies. Her publications have appeared in leading journals such as Communications of the AIS, Communications of the ACM, IEEE Transactions on Engineering Management, and Information & Management.

Nicole Lang Beebe

Nicole Lang Beebe earned her Ph.D. in Information Technology from The University of Texas at San Antonio (UTSA) in 2007. Currently, she is an Assistant Professor in the Information Systems and Technology Management Department at UTSA. She has over ten years' experience in information security and digital forensics, from both the commercial and government sectors. She is a Certified Information Systems Security Professional (CISSP) and currently holds two certifications in digital forensics. She has published several journal articles related to information security in digital forensics in The DATABASE for Advances in Information Systems, Digital Investigation, and Journal of Information System Security (JISSEC). Her research interests include digital forensics, information security, and data mining.

Karen Williams

Karen L. Williams is a Senior Lecturer at The University of Texas at San Antonio in the Department of Information Systems and Technology Management. She received her Ph.D. in MIS from The Florida State University. Her research interests include IT project management, the use of self-directed work teams, and the impacts of group roles among IT project management teams on project outcomes. She has multiple conference presentations and proceedings on these topics.

Linda Shepherd

Linda Shepherd is a Lecturer III at The University of Texas at San Antonio in the Department of Information Systems and Technology Management. She holds a B.S. in Business Administration from Northern Arizona University and a Master of Computer Systems Management from Creighton University. Linda has 10 years of industry experience. She teaches and has taught classes in programming logic, Java, COBOL, MIS, Microsoft Office fluency, and accounting information systems.
