Meta-Notation Design Theory Has Underlying Meta-Requirements Based

¶ … meta-notation design theory has underlying meta-requirements based on theories and designed as guide to enable the designing of information systems that are organizational specific. (Siponen, 2006). This theory can help organizations design information systems based on the needs of the organization. The theory is based on theories of it is illogical to state what an organization should do in terms of security, establish identity of methods where subjects and objects can be added to notational patterns, shows ISO modeling can be divided into 3 levels of abstraction, SIS and ISD must operate together, give proper respect to humans, and be quick and effective.

Most of the damage of the IT security stems from simple mistakes unintended or unauthorized actions of legitimate users and IT engineers who are either untrained in security and/or who misunderstood instructions from management. (The Security Framework for Information Technology). By following the meta-requirements as a guide, an organization can reevaluate the existing system for discrepancies and reevaluate what is the best interest of the company for fixing the problems. Many of the elements of an information system are artifacts, or human made. (Walls, 2004). The elements that are made by humans can be changed by humans. There also needs to be a design theory hypothesis that user calibration can be achieved through proper application of expressiveness, visibility, and inquirability. It needs to be able to be tested for deficiencies. Design theories require a strategy for informing of capabilities, benefits, and implementation strategies for effective adoption. The ISDT would be used as a guiding framework.

Two areas of underdeveloped research are in risk analysis as a foundation for information security management and the nature of non-technological system safeguards. (Backerville, 1994). This is saying that the practice of security policies and doing risk analysis for the security of the information systems have very little research. Risk analysis is one of the most valuable tools in evaluating the information system. Does the system resist the impact of threats on system objects? Is the design methods being used interoperable? How secure should the system be? Does the system provide support for organizational, conceptual, and technical levels? Does it provide abstract representation and operations that specify threats, objects, and security features for the three levels? Does the SIS design integrate to ISD? Does the system enable the autonomy of developers? Is it adaptable to forth coming ISD methods? Is it quick and effective? The whole idea of protecting the information system is to prevent the system from accidentally or deliberately working to illegitimate purposes. The main goal of information security is to prevent unpredicted and disallowed system behavior.