Abstract

Existing information system (IS) development methods do not meet the requirements for resolving security-related IS problems, and they fail to integrate security and systems engineering successfully across all stages of the development process. Security should be considered throughout the whole software development process, and the requirements specifications should be identified. This paper proposes an integrated security and IS engineering approach covering all software development process stages, using the i* language. The proposed framework is divided into three separate parts: modeling the business environment, modeling the information technology system and modeling IS security. A mobile phone order management process in a telecommunication company is used as a case study to validate the proposed framework. An empirical analysis based on data from 130 business and IT managers is used to evaluate the framework and investigate whether it has an impact on business process performance. The results were subjected to reliability and validity analyses. Bivariate correlation analysis was used to test four hypotheses. The results show that considering IS security goals in the whole system development process can have a positive influence on system implementation, better meet business expectations and positively affect business process performance.

  • Publication date: 2014-9-1