Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects
Proceedings of the 21st International Conference on Advanced Information Systems (CAiSE 2009), Amsterdam, Netherlands, 8-12 June 2009
Advanced Information Systems Engineering, Lecture Notes in Computer Science (LCNS), pp. 231-245
Posted: 27 Sep 2012
Date Written: June 8, 2009
In CAiSE 2006, we had presented a framework to support development of secure information systems. The framework was based on the integration of two security-aware approaches, the Secure Tropos methodology, which provides an approach for security requirements elicitation, and the UMLsec approach, which allows one to include the security requirements into design models and offers tools for security analysis. In this paper we reflect on the usage of this framework and we report our experiences of applying it to two different industrial case studies from the health care domain. However, due to lack of space we only describe in this paper one of the case studies. Our findings demonstrate that the support of the framework for the consideration of security issues from the early stages and throughout the development process can result in a substantial improvement in the security of the analysed systems.
Suggested Citation: Suggested Citation