A qualitative case study of perceptions in secure systems development

Application and systems security intrusions from a single isolated event had a direct economic impact of 2.6 billion dollars on organizations in 2007. Developing secure systems from the ground up will allow organizational managers to better defend themselves against these kinds of attacks. The purpose of this study was to explore the perceptions of development managers and application developers in terms of secure systems development. This researcher also sought to explore the understanding of application developer's ability to incorporate defined security models into their organizations software development methodologies. The research methodology utilized was a qualitative embedded case study. The target population for this research was development team members who functioned in the roles of director or manager of application development, manager of application security, systems analysts, programmer analysts, programmer and business analyst. The findings of this study were identified by four distinct categories the strategic implications of secure systems development, the tactical execution of secure system development, interpretations of information security operations standards and developer understanding of secure system development. Several perception misalignments were identified in each of the previous categories except for the interpretation of security standards, where the perceptions of both managers and developers align and a significant knowledge gap exist.