Published in: BMC Medical Informatics and Decision Making 1/2020

Open Access 01-12-2020 | Research article

A fuzzy TOPSIS based analysis toward selection of effective security requirements engineering approach for trustworthy healthcare software development

Authors: Md Tarique Jamal Ansari, Fahad Ahmed Al-Zahrani, Dhirendra Pandey, Alka Agrawal


Abstract

Background

Today’s healthcare organizations want to implement secure and high-quality healthcare software, as cyber-security is a significant risk factor for healthcare data. Considering security requirements during the trustworthy healthcare software development process is an essential part of quality software development. Several Security Requirements Engineering (SRE) methodologies, frameworks, processes and standards are available today. Unfortunately, these security requirements engineering approaches still need improvement. Determining the most suitable security requirements engineering method for trustworthy healthcare software development is a challenging process. This study aims to present security experts’ perspective on the relative importance of the criteria for selecting an effective SRE method by utilizing multi-criteria decision-making methods.

Methods

The study was planned and conducted to identify the most appropriate SRE approach for quality and trustworthy software development based on security experts’ knowledge and experience. The hierarchical model was evaluated using the fuzzy TOPSIS model. The criteria for selecting an effective SRE approach were compared in pairs. 25 security experts were asked to complete the pairwise criteria comparison form.

Results

The impact of the recognized selection criteria for effective security requirements engineering approaches has been evaluated quantitatively. For each of the 25 participants, comparison matrices were formed based on the scores of their responses in the form. The consistency ratios (CR) were found to be smaller than 10% (CR = 9.1% < 10%). According to the pairwise comparison results, with a closeness coefficient (Ci) of 0.842, the STORE methodology is the most effective security requirements engineering approach for trustworthy healthcare software development.

Conclusions

The findings of this research study demonstrate the various factors in the decision-making process for selecting a reliable security requirements engineering method. This is a significant study that uses multi-criteria decision-making tools, specifically fuzzy TOPSIS, to evaluate different SRE methods for secure and trustworthy healthcare application development.
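To make the closeness coefficient (Ci) reported in the Results concrete, the following is an added example, not code from the paper, of the standard fuzzy TOPSIS steps described in the Methods: triangular fuzzy ratings of candidate SRE methods against weighted criteria, normalisation, distances to the fuzzy positive and negative ideal solutions, and Ci. The method names, criteria, ratings and weights are all constructed; it does not reproduce the paper's 25-expert survey or its consistency-ratio check.

```python
from math import sqrt


def vertex_distance(x, y):
    """Vertex distance between two triangular fuzzy numbers (l, m, h)."""
    return sqrt(sum((p - q) ** 2 for p, q in zip(x, y)) / 3)


def fuzzy_topsis(matrix, weights, cost_criteria=()):
    """Closeness coefficient Ci per alternative (Chen-style fuzzy TOPSIS).

    matrix: {alternative: [TFN per criterion]}; weights: [TFN per criterion];
    cost_criteria: indices of criteria where a smaller rating is better
    (ratings on cost criteria must be > 0 to avoid division by zero).
    """
    norm = {a: [] for a in matrix}
    for j in range(len(weights)):
        col = [matrix[a][j] for a in matrix]
        if j in cost_criteria:          # r = (l_min/h, l_min/m, l_min/l)
            l_min = min(t[0] for t in col)
            for a, (l, m, h) in zip(matrix, col):
                norm[a].append((l_min / h, l_min / m, l_min / l))
        else:                           # r = (l/h_max, m/h_max, h/h_max)
            h_max = max(t[2] for t in col)
            for a, (l, m, h) in zip(matrix, col):
                norm[a].append((l / h_max, m / h_max, h / h_max))
    fpis, fnis = (1.0, 1.0, 1.0), (0.0, 0.0, 0.0)   # fuzzy ideal solutions
    closeness = {}
    for a, row in norm.items():
        # weighted normalised ratings: multiply TFN components pairwise
        weighted = [tuple(r * w for r, w in zip(rj, wj)) for rj, wj in zip(row, weights)]
        d_pos = sum(vertex_distance(v, fpis) for v in weighted)
        d_neg = sum(vertex_distance(v, fnis) for v in weighted)
        closeness[a] = d_neg / (d_pos + d_neg)   # Ci in (0, 1), higher is better
    return closeness


def rank_sre_methods():
    """Constructed example: three hypothetical SRE methods, three criteria."""
    # criteria: threat coverage (benefit), tool support (benefit), effort (cost)
    weights = [(0.7, 0.9, 1.0), (0.5, 0.7, 0.9), (0.3, 0.5, 0.7)]
    matrix = {  # constructed linguistic ratings on a 0-10 scale, encoded as TFNs
        "Method A": [(7, 9, 10), (5, 7, 9), (3, 5, 7)],
        "Method B": [(5, 7, 9), (3, 5, 7), (5, 7, 9)],
        "Method C": [(1, 3, 5), (3, 5, 7), (7, 9, 10)],
    }
    return fuzzy_topsis(matrix, weights, cost_criteria={2})


if __name__ == "__main__":
    for name, ci in sorted(rank_sre_methods().items(), key=lambda kv: -kv[1]):
        print(f"{name}: Ci = {ci:.3f}")
```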
Metadata
Publisher: BioMed Central
Electronic ISSN: 1472-6947
DOI: https://doi.org/10.1186/s12911-020-01209-8
