Tuesday, 21 December 2010

Annotated Bib.: Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects


[1] H. Mouratidis, A. Sunyaev, and J. Jürjens. Secure information systems engineering: Experiences and lessons learned from two health care projects. In P. van Eck, J. Gordijn, and R. Wieringa, editors, CAiSE, volume 5565 of Lecture Notes in Computer Science, pages 231–245. Springer, 2009.

This paper uses a framework that was developed and published earlier, in 2006, called the "model based security engineering framework". The paper does not aim to explain the framework; rather, it applies the framework to two different health care cases and discusses the outputs of the case study.
The paper starts with a brief explanation of the framework, so that readers who have not read the original paper can follow the rest, but it does not go into detail. The framework essentially integrates two security-aware approaches, Secure Tropos and UMLsec. It has 4 stages: Security Analysis of System Environment, Security Analysis of System, Secure System Design, and Secure Components Definition. The paper applies these 4 stages to 2 health care examples, but due to space constraints it explains only one of the cases.
The paper explains the case itself and then shows how the framework stages were applied. The next section is the reflection, or what would be called the results of the study, discussed in three subsections: challenges faced during the framework development, lessons learned, and improvements that can be done.
The paper concludes that the framework was helpful and gave good results for a first real-life application, given how complicated the health care cases are. It also shows that the framework was easy to understand but might require basic knowledge of security terminology. The paper also reports a problem in translating from Secure Tropos to UMLsec, which was solved by changing the guidelines.

Relation to the research in hand: this paper shows that a security-aware framework was successfully used in real-life examples. Although it needed some enhancements and some problems were faced, it also showed that people were able to adapt to such a framework, and that it helped analysts and designers take security requirements into consideration from the beginning all the way to the implementation phase.
