Title :
Mining and analysing security goal models in health information systems
Author :
Weber-Jahnke, Jens H. ; Onabajo, Adeniyi
Author_Institution :
Dept. of Comput. Sci., Univ. of Victoria, Victoria, BC
Abstract :
Large-scale health information software systems have to adhere to complex, multi-lateral security and privacy regulations. Such regulations are typically defined in form of natural language (NL) documents. There is little methodological support for bridging the gap between NL regulations and the requirements engineering methods that have been developed by the software engineering community. This paper presents a method and tool support, which are aimed at narrowing this gap by mining and analysing structured security requirements in unstructured NL regulations. A key value proposition of our approach is that requirements are mined ldquoin-placerdquo, i.e., the structured model is tightly integrated with the NL text. This results in better traceability and enables an iterative rather than waterfall-like requirements extraction and analysis process. The tool and method have been evaluated in context of a real-world, large scale project, i.e., the Canadian Electronic Health Record.
Keywords :
document handling; medical information systems; security of data; software engineering; health information software systems; multi-lateral security; natural language documents; privacy regulations; requirements engineering; security goal models; software engineering; structured security requirements; waterfall-like requirements extraction; Computer science; Computer security; Information analysis; Information security; Information systems; Large-scale systems; Law; Natural languages; Privacy; Software systems;
Conference_Titel :
Software Engineering in Health Care, 2009. SEHC '09. ICSE Workshop on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3739-9
DOI :
10.1109/SEHC.2009.5069605
