You are here: Home Contents V6 N1 V6N1_Aggelinos.html
Personal tools

Integrating Disaster Recovery Plan Activities into the System Development Life Cycle



Full text

Journal of Information System Security
Volume 6, Number 1 (2010)
Pages 2035
ISSN 1551-0123
George Aggelinos — University of Piraeus, Greece
Sokratis Katsikas — University of Piraeus, Greece
Information Institute Publishing, Washington DC, USA




The development of an IS for an organization is a project of a strategic nature. The development process is a time-consuming and special budgeted project that follows the six stages of the System Development Life Cycle (SDLC). Integrating security within the SDLC is a very important issue. The security of an IS is designed at the very early stages of its development. A security object that is nowadays a must is the Disaster Recovery Plan. Security questions like "Is the Information System Security an issue that has to be a matter of concern for the organization from the start of Information System development?" and "At which stage of its development does an Information System begin to be at risk ?" concern both the organizations and the developers. This paper proposes the enhancement of the SDLC stages in order to reduce the risks from the start of a development, by integrating the development of the Disaster Recovery Plan into the SDLC process. Details are given on how to achieve this, as well as the reasons and the benefits to the organization and to the manufacturer.




Disaster Recovery, SDLC, Information System Development, Information System Security, Data Security




Aggelinos G., Katsikas S. (2007). "Enterprise Recovery in Health Care". The 12th International Symposium on Health Information Management Research - ISHIMR. July 18-20. Sheffield, UK.

Baskerville R. (1993). "Information Systems Security Design Methods: Implications for Information Systems Development". ACM Computing Surveys, 25(4):375-414.

CEN ENV 12924 (1997). "Medical Informatics - Security Categorisation and Protection for Healthcare Information Systems". CEN, European Committee for Standardisation.

Down E., Clare P., Coe I.. (1992). Structured Systems Analysis and Design Method: Application and Context. Prentice Hall, United Kingdom.

Kalloniatis C., Kavakli E., Gritzalis S. (2008). "Addressing Privacy Requirements in System Design: The PriS Methodology". Springer, Requirements Engineering, 13(3): 241-255.

Kissel R., Stine K., Scholl M., Rossman H., Fahlsing J., Gulick J. (2008). Security Considerations in the System Development Life Cycle. Special Publication 800-64 Rev2. NIST, Computer Security Division, Information Technology Laboratory, USA.

Rainer K., Marshall T., Knapp K., Montgomery G. (2007). "Do Information Security Professionals and Business Managers View Information Security Issues Differently?" Information Systems Security, 16, 100-108.

Ross R., Katzke S., Johnson A., Swanson M., Stoneburner G., Rogers G. (2009).

Recommended Security Controls for Federal Information Systems. Special Publication 800-53 Rev 3. NIST, Computer Security Division, Information Technology Laboratory, USA.

Souliotis K., Papadakis M. (2007). Politics and economics of health. Papazisis Press, Greece. (In Greek).

Stefanou K. (2003). "System Development Life Cycle". Encyclopaedia of Information Systems, 4:329-344.

Swanson M., Wohl A., Pope L., Grance T., Hash J., Thomas R. (2002). Contingency Planning Guide for Information Technology Systems. Special Publication 800-34. NIST, Computer Security Division, Information Technology Laboratory, USA.

Tryfonas T. (2003). "The Contribution of Organisational Images of Information System Security to the Implementation of Secure Information Systems". Athens University of Economics and Business.

Tryfonas T., Kiountouzis E. (2001). "Security Concerns for Contemporary Development Practices: A Case Study". IFIP TC11, 193. Paris, France.

Weaver P., Lambrou N., Walkley M. (2002). Practical Business Systems Development Using SSADM: A complete tutorial guide. 3rd Edition. Prentice Hall, United Kingdom.