A UML Profile for the Identification and Analysis of Security Risks during Structured Brainstorming

Authors

  • Soldal Lund
  • Folker den Braber
  • Ketil Stølen
  • Fredrik Vraalsen
  • Ida Solheim
  • Mass Soldal Lund
Abstract

Methods for identification and analysis of security risks make use of structured brainstorming sessions. The effectiveness of such sessions depends on the extent to which the stakeholders and analysts involved understand and are understood by each other. Since such sessions involve people with different backgrounds and competencies, like users, system-developers, decision makers and system managers, communication among them may be difficult. This report proposes a carefully designed specification language defined as a UML profile aiming to improve communication and understanding during such sessions. We claim that the profile (1) allows the target of evaluation to be described in a uniform manner at a suitable level of abstraction, (2) improves understanding and communication during structured brainstorming sessions concerned with security, (3) facilitates the documentation of results from such brainstorming sessions, and security assessments in general.

Similar resources

Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory

Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...

Identifying Information Security Risk Components in Military Hospitals in Iran

Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...

Assessment of Hospital Risks for Occupational Safety of Healthcare Staff against Covid-19 Using FMEA Method and Multi-Criteria Decision-Making Methods (Case study: Department of Infectious Diseases of Bu-Ali hospital in Zahedan)

Introduction and purpose: Risk assessment is a necessity in high-risk work environments like hospitals. During epidemics, the need to maintain the health of healthcare staff increases as they are effective people in controlling the spread of the disease. The purpose of this study was to assess the occupational safety of healthcare staff against coronavirus using FMEA in infectious diseases ward...

Model-based Security Engineering of SOA System Using Security Intent DSL

Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of de...

Comparing Different Methodologies Used To Ensure the Security of RFID Credit Card: A Comparative Analysis

The use of Radio Frequency Identification (RFID) advancement is turning out to be rapidly transversely over an extensive variety of business undertakings. Engineers apply the development not simply in customary applications, for instance, asset or stock after, also in security organizations, electronic travel papers and RFID-embedded card. In any case, RFID development moreover brings different...

Publication date: 2004