Security requirements elicitation: A smart health case

Rabii, Anass; Assoul, Saliha; Roudiès, Ounsa

doi:10.1109/worlds450073.2020.9210330

Cited by 2 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Drawing from the existing base of knowledge, continuous improvement is a central aspect of the ISO security standards. This translates into a cyclical security management procedure [5]. Using a PDCA cycle [25], operational monitoring would take place during the "Do" and "Check" phases.…”

Section: Methodsmentioning

confidence: 99%

“…This method would provide security managers with proper knowledge to track fundamental causes, such as asset vulnerabilities, unaccomplished tasks and accountabilities. In our previous studies, we described ASTESJ ISSN: 2415-6698 our generic framework dedicated to information security management, extracted security concepts for SysML profiles [4] as well their application in security requirement management [5]. In this paper, we examine the responsibility issue and illustrate it using a case study.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Assoul¹,

Rabii²,

Roudiès³

2021

Adv. sci. technol. eng. syst. j.

Self Cite

View full text Add to dashboard Cite

As a result of digitalization, services become highly dependent on information systems thus increasing the criticality of security management. However, with system complexity and the involvement of more human resources, it becomes more arduous to monitor and track tasks and responsibilities. This creates a lack of visibility hindering decision making. To support operational monitoring, we propose a method composed of i) a core of security concepts from International Standard Organization (ISO) standards ii) a graphical modeling language iii) a guiding process and iv) a tool that provides verification through formal Object Constraint Language (OCL) queries. Applying this method to the case of the Capital One data breach showcases incident prevention through task supervision. The resulting work product is a formal comprehensive map of assets, actors, tasks and responsibilities. The SysML formalism allows different actors to extract information from the map using OCL queries. This allows for regular task and responsibility verification thus closing any window of attack possible.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Assoul¹,

Rabii²,

Roudiès³

2021

Adv. sci. technol. eng. syst. j.

Self Cite

View full text Add to dashboard Cite

show abstract

A Rapid Review of How Model‐based Systems Engineering is Used in Healthcare Systems

Xames,

Topcu

2024

INCOSE International Symp

View full text Add to dashboard Cite

This study presents the results from rapid review of how model‐based systems engineering (MBSE) is utilized in healthcare systems (HSs). We conduct a review of the last twelve years and find that MBSE adoption in HSs is accelerating, with use of various MBSE languages and tools, as well as their integration with other simulation and modeling techniques. We find that similar to engineered systems, the most common MBSE language is systems modeling language (SysML), followed by unified modeling language (UML) and others. Additionally, we observe that MBSE methods are frequently used in conjunction with other analytical techniques, such as simulation and co‐simulations, to analyze and enhance various HS operations, or to assist with making tradeoffs between HS attributes such as quality and cost. Moreover, we provide a non‐exhaustive classification of current research based on two dimensions: healthcare applications and MBSE use cases. Notably, MBSE is being implemented generally with patient‐centric objectives in various HS domains, including IoT‐enabled smart healthcare, clinical medicine, medical device development, healthcare process enhancement, and healthcare facilities management. While the primary MBSE use case involves modeling different aspects of healthcare operations, there is a significant number of studies that pursue requirements engineering, systems analysis, integration, verification and validation, as well as risk analysis and management. Furthermore, we identify two promising research gaps. First, there is a need for the integration of MBSE with state‐of‐the‐art data‐driven analytical methodologies such as hybrid simulation and artificial intelligence techniques. Second, HSs could greatly benefit from representing the cognitive functions and processes of human decision‐makers in the loop, such as healthcare providers (e.g., doctors and nurses), who are instrumental in sustaining the HS performance and functionality. We contend that MBSE and other SE methods and techniques could improve HSs design, operations, and management; while fostering resilience and long‐term sustainability.

show abstract

Security requirements elicitation: A smart health case

Cited by 2 publications

References 18 publications

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

A Rapid Review of How Model‐based Systems Engineering is Used in Healthcare Systems

Contact Info

Product

Resources

About