Enhancing Misuse Cases With Risk Assessment for Safety Requirements
No Thumbnail Available
Date
2020
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Ieee-inst Electrical Electronics Engineers inc
Open Access Color
OpenAIRE Downloads
OpenAIRE Views
Abstract
Risk-driven requirements elicitation represents an approach that allows assignment of appropriate countermeasure for the protection of the Information System (IS) depending on the risk level. Elicitation of safety requirements based on risk analysis is essential for those IS which will run on the open and dynamic Internet platform. Traditionally, misuse cases are used to find the weak points of an IS but cannot differentiate between the weak point that can lead to lenient hazard and/or serious hazard. In this paper, we present an enhanced misuse case approach to support IS safety risk assessment at the early stages of software process. We extensively examined and identified concepts which constitute a modelling technique for IS safety risk assessment and build a conceptual model for achieving IS safety risk assessment during the requirement analysis phase of software process. The risk assessment process follows an approach of consequential analysis based on misuse cases for safety hazard identification and qualitative risk measurement. The safety requirements are elicited according to the results of the risk assessment. A medical IS is used as a case study to validate the proposed model.
Description
Fernandez-Sanz, Luis/0000-0003-0778-0073; Misra, Sanjay/0000-0002-3556-9331; Abayomi-Alli, Olusola/0000-0003-2513-5318; Arogundade, Oluwasefunmi/0000-0001-9338-491X
Keywords
Misuse case, requirements engineering, risk assessment, scenario, safety, use cases
Turkish CoHE Thesis Center URL
Fields of Science
Citation
3
WoS Q
Q2
Scopus Q
Q1
Source
Volume
8
Issue
Start Page
12001
End Page
12014