IS security requirements identification from conceptual models in systems analysis and design: the Fun Fitness, Inc. Case

This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example o...

Full description

Saved in:
Bibliographic Details
Published in:Journal of information systems education 2013-03, Vol.24 (1), p.17
Main Authors: Spears, Janine L, Parrish, Jr., James L
Format: Article
Language:English
Subjects:
Access control
Access to information
Architecture
Compliance (Legal)
Computer Oriented Programs
Computer Software
Confidentiality
Course Content
Data integrity
Data security
Information Security
Information systems
Management
Methods
Network security
Regulatory compliance
Safety and security measures
Security management
Software
Studies
Systems analysis
Systems development
Teaching Methods
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, Fun & Fitness, in the process of updating its e-Commerce site for class registrations. The case illustrates how UML class diagrams can be used for information classification, data input validation, and regulatory compliance considerations; how a UML use case diagram can be transformed into a "misuse case" diagram to identify threats and countermeasures to functional use cases; and how a data flow diagram may be used to analyze and document threats and countermeasures to data stores, data flows, processes, and external entities using the STRIDE approach developed by Microsoft. The case is geared toward a systems analyst who does not have former training in IS security, and is suitable for upper-division undergraduate and graduate courses.
ISSN:1055-3096
2574-3872