Abstract

Abstract As information and communication technologies become a critical component of firms' infrastructures and information establishes itself as a key business resource as well as driver, people start to realise that there is more than the functionality of the new information systems that is significant. Business or organisational transactions over new media require stability, one factor of which is information security. Information systems development practices have changed in line with the evolution of technology offerings as well as the nature of systems developed. Nevertheless, as this paper establishes, most contemporary development practices do not accommodate sufficiently security concerns. Beyond the literature evidence, reports on empirical study results indicating that practitioners deal with security issues by applying conventional risk analysis practices after the system is developed. Addresses the lack of a defined discipline for security concerns integration in systems development by using field study results recording development practices that are currently in use to illustrate their deficiencies, to point to required enhancements of practice and to propose a list of desired features that contemporary development practices should incorporate to address security concerns.