Abstract This dissertation is composed of three contributions. First, it recognizes a set of key security issues for information systems (IS), and examines the extent to which these issues have been studied and resolved by existing research efforts. Second, it analyses and discusses the existing approaches for designing secure information systems (SIS), shedding light on their underlying foundations. Third, based on the findings, a framework is put forth, addressing the fundamental shortcomings of the existing SIS design approaches. A meta-notation for adding security into IS development methods is presented as a framework-based example. An action research intervention is accomplished to test the relevance, suitability and feasibility of the meta-notation in practice. Overall, this dissertation sets forth a novel approach for extending security in IS/software development methods.