Do secure information system design methods provide adequate modeling support?

Information system development (ISD) methods lack security features. To address this problem, various secure information system (SIS) design methods have been proposed. An important feature of these methods is modeling support, which manifests itself through modeling notations. This paper explores the extent to which the alternative SIS design methods offer modeling support. The results suggest that extant SIS design methods provide only limited modeling support. No single SIS design method offers comprehensive modeling support. This result has implications for practice and research. Practitioners may need to combine different SIS design methods for the development of secure information systems (IS). In turn, scholars and SIS design method developers should ensure that future SIS design methods offer comprehensive modeling support. Finally, empirical studies should be conducted to explore the usability of the current conceptual models of secure systems design methods in practice.