Global SA&D approach for new information systems architectures security

Information System security is often assimilated to a set of software solutions (Firewall, data encryption,..) but rarely consider the organizational security rules as a fundamental part of the IS security policy. With the increasing use of new IS architectures (Open architecture, distributed database, web server, multi-tier application servers) security leaks become crucial and every security problem is harmful to the organization business continuity. To reduce and detect major security risks at an earlier step of the IS project, our approach is based on different knowledge exchange between end users, analyst, designers and developers. The knowledge is mainly oriented to the detection of weak signals inside the organization. In this paper, we present the different knowledge surroundings an IS project and a knowledge pattern structure that can be used for the formalization aspects of the established exchange that should be established during the IS project between the different participants.