A security violation in a healthcare software product can cost lives. For this reason, such a security-critical software system must be developed in the best conceivable way. This does not necessarily mean absolute security, but rather a reasonably high level of security within the given constraints. In recent years the literature has offered a number of security and privacy requirements engineering methods that help software system designers and developers address security and privacy concerns within the traditional development model. Several methods treat security and privacy requirements independently, while others consider privacy a subset of security [4]. Software security requirements have become an important part of the overall requirements analysis process in software development.
In the United States, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. The law sets standards for data security and privacy to safeguard patient records. HIPAA compliance has become an important consideration for software engineers in the healthcare industry in recent times, as several high-profile attacks have exposed millions of medical records nationally [5]. According to HIPAA Journal, 3054 healthcare data breaches, each affecting 500 or more records, were reported between 2009 and 2019. Together they resulted in the destruction, theft, disclosure, or unauthorized release of 230,954,151 healthcare records, equivalent to more than 69.78% of the United States population. In 2019, healthcare data breaches were reported at a rate of 1.4 per day [6]. Fig. 1 shows the number of healthcare data breaches per year.
Security requirements are among the most important non-functional requirements. Compromising on software security requirements during development may result in disastrous failure of the software product and enormous damage to valuable assets. Special attention should be given to the security requirements of a software product during development, since a software system does not exist physically.
Different security requirements engineering (SRE) techniques are available for eliciting security requirements in order to develop a quality and trustworthy healthcare software system. However, selecting the most appropriate SRE approach for trustworthy healthcare software development is a challenging task. The objective of this paper is to identify criteria for analysing different SRE approaches; we adopt the criteria of the ISO 27005 standard [8] for selecting an effective approach. Conventionally, each criterion is evaluated on its own or in comparison with other requirements, ignoring the relationships that exist between criteria and the effect of other criteria on its priority value. In this paper we formally review the different SRE approaches and identify the five best approaches as alternatives for comparative analysis. The main purpose of prioritizing existing SRE approaches is to support quality and trustworthy software development. To improve decision making, a process adapted to the requirements and taking these relationships into account is needed, so that the prioritization is consistent. Therefore, before a final priority value is assigned to each criterion, the operational significance of the criteria with which it is interdependent must be considered in the context of effective security requirements engineering. For this we use the principle of pair-wise comparisons together with the fuzzy TOPSIS [11] method, which is regarded as one of the most helpful methods for reaching the best conceivable decisions and for presenting clearly the rationale of the prioritization decision.
Security requirements engineering is an area of software engineering that encompasses security, safety, risk, vulnerabilities, and mitigation mechanisms. It has proven over the years to be a challenging task, especially because pinning down what security requirements actually are has been difficult. Despite these challenges, there is great demand for security requirements elicitation methods that suit the changing requirements of networked environments. Mellado et al. [12] describe software security engineering as a practice for addressing software security issues in a systematic manner; it is recognized as a very important part of the software development process for achieving secure software systems. According to Devanbu and Stubblebine, a security requirement is a manifestation of a high-level organizational policy in the detailed requirements of a specific system [13]. Lee et al. [14] draw attention to the significance of considering security requirements in the development life cycle, but do not define them. After analysing the existing literature and best practices in software security engineering, the authors have defined security requirements engineering as:
A software security engineering procedure should use repeatable and organized processes to guarantee that the set of requirements found is complete, reliable, easy to understand, and analysable by the different participants involved in the software development process [15]. Security needs to be considered as a quality constraint in all phases of the software development process [16]. Many security requirements frameworks have been developed by different authors for building security-critical software systems [17]. Some of the best-known SRE approaches are STORE [2], MOSRE [18], SREF [19], SREP [20], and SQUARE [21]. Security requirements engineering is an important activity, since bad security requirements can lead to ineffective security or, worse, security holes [22]. The following section briefly discusses each SRE approach.
SQUARE (Security Quality Requirements Engineering) [21], developed at Carnegie Mellon University, is a nine-step method for eliciting, categorizing, and prioritizing security requirements for software applications. It focuses on building security into the early stages of the software development life cycle, and it can also be used to document and analyse the security aspects of fielded applications and to steer future changes and improvements to those systems. Every step is specified with its inputs, outputs, participants, and techniques.
The first step in this process is to establish a hierarchy model. The hierarchy model comprises seven criteria: security goal, security requirement, stakeholder, asset, threat, vulnerability, and risk. Once the hierarchy has been established, the criteria are evaluated in pairs to determine their relative importance and their relative weight with respect to the global goal. The study was planned and conducted to comparatively evaluate the criteria that software developers consider when selecting an effective security requirements engineering approach. A survey form was prepared to determine the priority of the characteristics taken into account when choosing an effective SRE approach for the development of a trustworthy healthcare software system. The form was given to 25 security experts to collect their estimates of the pair-wise criteria comparisons, and a fuzzy TOPSIS model was created from the responses. The ISO 27005 standard criteria form a balanced hierarchical structure consisting of the seven main criteria and five alternatives, incorporating the objectives and criteria for choosing the most effective SRE approach. The popular SRE approaches used in this study are SREP, SQUARE, STORE, MOSRE, and SREF, represented by A1, A2, A3, A4, and A5 respectively. Fig. 3 shows the hierarchy of criteria and alternatives.
The closeness coefficient (Ci) of the alternatives is estimated as 0.438, 0.74, 0.842, 0.322, and 0.341 for A1, A2, A3, A4, and A5 respectively. The findings show that A3 (STORE) is the most effective and efficient security requirements engineering approach for trustworthy healthcare software development.
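The computation behind the closeness coefficients reported above, as an added example that is not part of the paper: a fuzzy TOPSIS implementation in Python using triangular fuzzy numbers (TFNs), with the paper's seven ISO 27005 criteria and the five alternatives A1 to A5. The linguistic scales are the usual seven-term scales for ratings and weights; the survey responses embedded in the code are constructed for two hypothetical experts, so the Ci values it prints are illustrative only. The paper's 25 expert responses are not reproduced on this page and cannot be recovered from it.

```python
"""Fuzzy TOPSIS with triangular fuzzy numbers, applied to the paper's decision
problem: five SRE approaches rated against seven ISO 27005 criteria.
Added example; the survey responses below are constructed, NOT the paper's data."""
from math import sqrt
from statistics import mean

# Linguistic scales mapped to triangular fuzzy numbers (l, m, u).
RATING = {"VP": (0, 0, 1), "P": (0, 1, 3), "MP": (1, 3, 5), "F": (3, 5, 7),
          "MG": (5, 7, 9), "G": (7, 9, 10), "VG": (9, 10, 10)}
WEIGHT = {"VL": (0, 0, 0.1), "L": (0, 0.1, 0.3), "ML": (0.1, 0.3, 0.5),
          "M": (0.3, 0.5, 0.7), "MH": (0.5, 0.7, 0.9), "H": (0.7, 0.9, 1),
          "VH": (0.9, 1, 1)}

CRITERIA = ["Security goal", "Security requirement", "Stakeholder", "Asset",
            "Threat", "Vulnerability", "Risk"]
ALTERNATIVES = ["A1 SREP", "A2 SQUARE", "A3 STORE", "A4 MOSRE", "A5 SREF"]

# Constructed responses from two hypothetical experts: one row of seven
# ratings per alternative (A1..A5), plus one weight per criterion.
SURVEY = [
    {"ratings": [["MG", "G", "F", "MG", "G", "MG", "F"],
                 ["G", "G", "MG", "G", "G", "G", "MG"],
                 ["VG", "G", "G", "VG", "G", "VG", "G"],
                 ["F", "MP", "F", "F", "MG", "F", "MP"],
                 ["F", "F", "MG", "F", "F", "MP", "F"]],
     "weights": ["H", "VH", "M", "H", "VH", "H", "VH"]},
    {"ratings": [["MG", "MG", "F", "G", "MG", "F", "F"],
                 ["G", "VG", "MG", "G", "MG", "G", "G"],
                 ["VG", "VG", "G", "VG", "G", "VG", "G"],
                 ["MP", "F", "F", "MP", "F", "F", "MP"],
                 ["F", "MG", "MG", "F", "MP", "F", "F"]],
     "weights": ["VH", "H", "M", "H", "H", "MH", "VH"]},
]


def aggregate(tfns):
    """Pool K experts' TFNs: min of lower bounds, mean of modes, max of uppers."""
    return (min(t[0] for t in tfns), mean(t[1] for t in tfns), max(t[2] for t in tfns))


def normalise(column, benefit=True):
    """Linear-scale normalise one criterion column so every TFN lies in [0, 1].
    Cost criteria are inverted and therefore need strictly positive lower bounds."""
    if benefit:
        u_star = max(t[2] for t in column)
        return [(l / u_star, m / u_star, u / u_star) for l, m, u in column]
    l_minus = min(t[0] for t in column)
    return [(l_minus / u, l_minus / m, l_minus / l) for l, m, u in column]


def distance(a, b):
    """Vertex distance between two TFNs."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)) / 3)


def fuzzy_topsis(matrix, weights, benefit=None):
    """matrix[i][j]: aggregated TFN rating of alternative i on criterion j;
    weights[j]: aggregated TFN weight of criterion j.
    Returns one closeness coefficient Ci = d_i^- / (d_i^+ + d_i^-) per
    alternative; larger Ci means closer to the fuzzy positive ideal solution
    (1,1,1) on every criterion and farther from the negative ideal (0,0,0)."""
    n_alt, n_crit = len(matrix), len(weights)
    benefit = benefit or [True] * n_crit
    cols = [normalise([matrix[i][j] for i in range(n_alt)], benefit[j])
            for j in range(n_crit)]
    fpis, fnis = (1, 1, 1), (0, 0, 0)
    closeness = []
    for i in range(n_alt):
        d_plus = d_minus = 0.0
        for j in range(n_crit):
            v = tuple(r * w for r, w in zip(cols[j][i], weights[j]))  # weighted TFN
            d_plus += distance(v, fpis)
            d_minus += distance(v, fnis)
        closeness.append(d_minus / (d_plus + d_minus))
    return closeness


def run_survey(survey=SURVEY):
    """Aggregate the experts' linguistic answers and score the alternatives."""
    n_alt, n_crit = len(ALTERNATIVES), len(CRITERIA)
    matrix = [[aggregate([RATING[e["ratings"][i][j]] for e in survey])
               for j in range(n_crit)] for i in range(n_alt)]
    weights = [aggregate([WEIGHT[e["weights"][j]] for e in survey])
               for j in range(n_crit)]
    return fuzzy_topsis(matrix, weights)


if __name__ == "__main__":
    ranked = sorted(zip(ALTERNATIVES, run_survey()), key=lambda p: -p[1])
    for name, ci in ranked:
        print(f"{name:10s} Ci = {ci:.3f}")
```

Running the script prints the five alternatives in descending order of Ci. In the constructed survey A3 is rated at least as highly as every other alternative on every criterion by both experts, so it comes out on top by construction; that reproduces the shape of the paper's result, not its numbers. The one check worth keeping in mind when reusing this: a cost-type criterion (one where less is better) must be passed with `benefit[j] = False`, and its ratings must not include a zero lower bound, or the inversion divides by zero.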
After the criteria were prioritized, the model used in this study enabled us to analyse the consistency of the preferences expressed by the security experts. The main purpose of this study is to provide a model that lets security experts make more consistent decisions for trustworthy healthcare software development. Once the features of the SRE methods are clear, the model can be used to predict the selection of an effective SRE approach in the real world. This study determined the priority of the alternatives considered in selecting an effective SRE method with respect to the criteria for trustworthy healthcare software development. These criteria highlight the prioritized SRE approaches to which a software developer should pay attention.
Selecting an effective security requirements engineering approach is essential for trustworthy healthcare software development. Choosing among the many existing SRE methods is a challenging decision-making problem, because each approach has advantages as well as disadvantages. We report the results of a study applying the fuzzy TOPSIS methodology. A set of ISO 27005 standard criteria was identified from the literature review and organized into a rational hierarchical structure consisting of seven main criteria and five alternatives. The consistency ratios were below 0.10 for all 25 security experts' form responses. The research findings suggest that the STORE approach (Ci = 0.842) outperforms SQUARE (0.74), SREP (0.438), SREF (0.341), and MOSRE (0.322) in terms of the criteria for security requirements engineering approaches. Determining weights for the essential motivation, purpose, and awareness focus areas can help security decision-making and compliance with policy, and support the design of effective security requirements engineering; however, these weights may in turn be affected by local organizational and educational factors. The fuzzy TOPSIS results presented in this paper can be used to select or design an effective SRE approach that assists software developers in building trustworthy healthcare software systems. Other fuzzy decision-making approaches such as VIKOR, fuzzy ANP, and PROMETHEE could be applied in future research and their findings compared with those obtained in this study. The outcome of this research may be used by software professionals working on software development in clinical, educational, and healthcare settings.