To see the other types of publications on this topic, follow the link: Security Requirement Elicitation.
Journal articles on the topic 'Security Requirement Elicitation'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 40 journal articles for your research on the topic 'Security Requirement Elicitation.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
GUTIERREZ, C., E. FERNANDEZ-MEDINA, and M. PIATTINI. "Web Services-Based Security Requirement Elicitation." IEICE Transactions on Information and Systems E90-D, no. 9 (September 1, 2007): 1374–87. http://dx.doi.org/10.1093/ietisy/e90-d.9.1374.
Full text
2
Kumar, B. Sathis. "EVALUATION OF CAPTURING ARCHITECTURALLY SIGNIFICANT REQUIREMENTS." Asian Journal of Pharmaceutical and Clinical Research 10, no. 13 (April 1, 2017): 122. http://dx.doi.org/10.22159/ajpcr.2017.v10s1.19589.
Full textAbstract:
Every software development organization strives for customer satisfaction. It is universally accepted that the success of software development lies in the clear understanding of the client requirements. During requirement elicitation and analysis stage, the system analyst identifies the functional and non-functional requirements from the customer. Security, usability, reliability, performance, scalability and supportability are the significant quality attributes of a software system. These quality attributes are also referred as non-functional requirements. Only a few functional and quality attributes requirement help to identify and shape the software architecture. A software system’s architecture is the set of prime design decisions made about the system. If the requirement influences the architectural design decision then, it is referred as Architecturally Significant Requirement (ASR). Identifying and specifying all the possible ASR are important tasks in the requirement elicitation and analysis stage.In this research, general problems that are faced while capturing and specifying ASR in requirement elicitation and analysis is studied. Among the different requirement elicitation techniques, use case diagram has been identified and enhanced to solve the problem of capturing and specifying ASR during the requirement elicitation and analysis phase
3
Kumar, Devendra, Anil Kumar, and Laxman Singh. "Non-functional Requirements Elicitation in Agile Base Models." Webology 19, no. 1 (January 20, 2022): 1992–2018. http://dx.doi.org/10.14704/web/v19i1/web19135.
Full textAbstract:
The elicitation of non-functional and functional needs is one of the most critical jobs of a requirement engineer. This scenario involves the imposition of limits on non-functional needs, whereas functional requirements call for the operation of a system in order to carry out functionality. Over the last few years, agile software development approaches have gained widespread acceptance in the software industry as a problem-solving paradigm. Non-functional requirements (NFRs) are frequently cited as a point of contention in non-functional requirements (NFR) approaches. As well as functional requirements like speed and efficiency, security is desired, amongst a host of other things. Aspects like usability, security, and privacy must all be taken into account. Functional needs must be treated as though they were first-class under the current industry standard of practice. Functional requirements are distinguished from non-functional requirements by the fact that only implemented requirements can be evaluated. To give an example, this method attracts the attention of the system's end users to a critical defect in its architecture. Projects of this type frequently fail because to dissatisfaction among the target audience. If you'd like a great demonstration, consider the London Ambulance System. When dealing with non-compliance to the necessary degree of detail, it is feasible to raise the likelihood of software success this is the first study of its kind in its sector to bring attention to the most critical NFR issues. The problems that arise during the elicitation stage of requirement engineering in agile base models. It also outlines the techniques and strategies that are being considered. Proposed in the literature as a means of dealing with these problems.
4
Beckers, Kristian, Isabelle Côté, Ludger Goeke, Selim Güler, and Maritta Heisel. "A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain." International Journal of Secure Software Engineering 5, no. 2 (April 2014): 20–43. http://dx.doi.org/10.4018/ijsse.2014040102.
Full textAbstract:
Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.
5
Rehman, Shafiq, and Volker Gruhn. "An Effective Security Requirements Engineering Framework for Cyber-Physical Systems." Technologies 6, no. 3 (July 12, 2018): 65. http://dx.doi.org/10.3390/technologies6030065.
Full textAbstract:
Context and motivation: Cyber-Physical Systems (CPSs) are gaining priority over other systems. The heterogeneity of these systems increases the importance of security. Both the developer and the requirement analyst must consider details of not only the software, but also the hardware perspective, including sensor and network security. Several models for secure software engineering processes have been proposed, but they are limited to software; therefore, to support the processes of security requirements, we need a security requirements framework for CPSs. Question/Problem: Do existing security requirements frameworks fulfil the needs of CPS security requirements? The answer is no; existing security requirements frameworks fail to accommodate security concerns outside of software boundaries. Little or even no attention has been given to sensor, hardware, network, and third party elements during security requirements engineering in different existing frameworks. Principal Ideas/results: We have proposed, applied, and assessed an incremental security requirements evolution approach, which configures the heterogeneous nature of components and their threats in order to generate a secure system. Contribution: The most significant contribution of this paper is to propose a security requirements engineering framework for CPSs that overcomes the issue of security requirements elicitation for heterogeneous CPS components. The proposed framework supports the elicitation of security requirements while considering sensor, receiver protocol, network channel issues, along with software aspects. Furthermore, the proposed CPS framework has been evaluated through a case study, and the results are shown in this paper. The results would provide great support in this research direction.
6
Faroom, Saeed. "A Review of Requirement Engineering Process Models, Tools & Methodologies." International Journal of Energetica 4, no. 1 (June 30, 2019): 44. http://dx.doi.org/10.47238/ijeca.v4i1.86.
Full textAbstract:
As we are living in the Era of Computer Science and almost all individuals and the organizations are completely relying on software systems. The requirement engineering is the most vital and important aspect in the success of any software engineering project. Requirement Engineering is a set of different process that works at different levels, which are incorporated at individual and organizational level Projects We need to consult different sources to find requirements. We need to involve personals from the different fields to find a set of quality requirements. The security issues undergoes as soon as early in the 1st phase of requirements. It is shown from the studies that if we consider Quality Process of Requirement Engineering at the phase it results in saving of million dollars. This paper contains the details study and comparison of different RE Process Models and Requirement Elicitation techniques. This paper elaborates the vital aspects of different Requirement Engineering Process models that help in the selection of appropriate model for the Requirement Engineers and practitioners working in the industry. This Paper also Focus on the giving a detailed view of Elicitation techniques and comparative study including the characteristics and their strengths and weakness. Some strengths and weakness found during detailed study are also structured and listed that is also the helpful for the Appropriate selection of RE Process model.
7
Vegendla, Aparna, Anh Nguyen Duc, Shang Gao, and Guttorm Sindre. "A Systematic Mapping Study on Requirements Engineering in Software Ecosystems." Journal of Information Technology Research 11, no. 1 (January 2018): 49–69. http://dx.doi.org/10.4018/jitr.2018010104.
Full textAbstract:
Software ecosystems (SECOs) and open innovation processes have been claimed as a way forward for the software industry. A proper understanding of requirements is as important for SECOs as for more traditional ones. This article presents a mapping study on the issues of RE and quality aspects in SECOs. Our findings indicate that among the various phases or subtasks of RE, most of the SECO specific research has been accomplished on elicitation, analysis, and modeling. On the other hand, requirement selection, prioritization, verification, and traceability has attracted few published studies. Among the various quality attributes, most of the SECOs research has been performed on security, performance and testability. On the other hand, reliability, safety, maintainability, transparency, usability attracted few published studies. The article provides a review of the academic literature about SECO-related RE activities, modeling approaches, and quality attributes, positions the source publications in a taxonomy of issues and identifies gaps where there has been little research.
8
ISSA, ATOUM. "REQUIREMENTS ELICITATION APPROACH FOR CYBER SECURITY SYSTEMS." i-manager’s Journal on Software Engineering 10, no. 3 (2016): 1. http://dx.doi.org/10.26634/jse.10.3.4898.
Full text
9
Matulevičius, Raimundas, Alex Norta, and Silver Samarütel. "Security Requirements Elicitation from Airline Turnaround Processes." Business & Information Systems Engineering 60, no. 1 (January 15, 2018): 3–20. http://dx.doi.org/10.1007/s12599-018-0518-4.
Full text
10
Schmitt, Christian, and Peter Liggesmeyer. "Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources." Complex Systems Informatics and Modeling Quarterly, no. 3 (July 30, 2015): 15–34. http://dx.doi.org/10.7250/csimq.2015-3.02.
Full text
11
Kavallieratos, Georgios, Sokratis Katsikas, and Vasileios Gkioulos. "SafeSec Tropos: Joint security and safety requirements elicitation." Computer Standards & Interfaces 70 (June 2020): 103429. http://dx.doi.org/10.1016/j.csi.2020.103429.
Full text
12
SAEKI, MOTOSHI, SHINPEI HAYASHI, and HARUHIKO KAIYA. "ENHANCING GOAL-ORIENTED SECURITY REQUIREMENTS ANALYSIS USING COMMON CRITERIA-BASED KNOWLEDGE." International Journal of Software Engineering and Knowledge Engineering 23, no. 05 (June 2013): 695–720. http://dx.doi.org/10.1142/s0218194013500174.
Full textAbstract:
Goal-oriented requirements analysis (GORA) is one of the promising techniques to elicit software requirements, and it is natural to consider its application to security requirements analysis. In this paper, we proposed a method for goal-oriented security requirements analysis using security knowledge which is derived from several security targets (STs) compliant to Common Criteria (CC, ISO/IEC 15408). We call such knowledge security ontology for an application domain (SOAD). Three aspects of security such as confidentiality, integrity and availability are included in the scope of our method because the CC addresses these three aspects. We extract security-related concepts such as assets, threats, countermeasures and their relationships from STs, and utilize these concepts and relationships for security goal elicitation and refinement in GORA. The usage of certificated STs as knowledge source allows us to reuse efficiently security-related concepts of higher quality. To realize our proposed method as a supporting tool, we use an existing method GOORE (goal-oriented and ontology-driven requirements elicitation method) combining with SOAD. In GOORE, terms and their relationships in a domain ontology play an important role of semantic processing such as goal refinement and conflict identification. SOAD is defined based on concepts in STs. In contrast with other goal-oriented security requirements methods, the knowledge derived from actual STs contributes to eliciting security requirements in our method. In addition, the relationships among the assets, threats, objectives and security functional requirements can be directly reused for the refinement of security goals. We show an illustrative example to show the usefulness of our method and evaluate the method in comparison with other goal-oriented security requirements analysis methods.
13
Foley, Simon N., and Vivien Rooney. "A grounded theory approach to security policy elicitation." Information & Computer Security 26, no. 4 (October 8, 2018): 454–71. http://dx.doi.org/10.1108/ics-12-2017-0086.
Full textAbstract:
Purpose In this paper, the authors consider how qualitative research techniques that are used in applied psychology to understand a person’s feelings and needs provides a means to elicit their security needs. Design/methodology/approach Recognizing that the codes uncovered during a grounded theory analysis of semi-structured interview data can be interpreted as policy attributes, the paper develops a grounded theory-based methodology that can be extended to elicit attribute-based access control style policies. In this methodology, user-participants are interviewed and machine learning is used to build a Bayesian network-based policy from the subsequent (grounded theory) analysis of the interview data. Findings Using a running example – based on a social psychology research study centered around photograph sharing – the paper demonstrates that in principle, qualitative research techniques can be used in a systematic manner to elicit security policy requirements. Originality/value While in principle qualitative research techniques can be used to elicit user requirements, the originality of this paper is a systematic methodology and its mapping into what is actionable, that is, providing a means to generate a machine-interpretable security policy at the end of the elicitation process.
14
Weber, Stefan G., and Prima Gustiené. "Crafting Requirements for Mobile and Pervasive Emergency Response based on Privacy and Security by Design Principles." International Journal of Information Systems for Crisis Response and Management 5, no. 2 (April 2013): 1–18. http://dx.doi.org/10.4018/jiscrm.2013040101.
Full textAbstract:
According to fundamental principles of the Privacy by Design approach, the consultation of privacy issues should be embedded into analysis and design of information systems, from the early stages of system planning to implementation. In this article, the authors extend this perspective towards Privacy and Security by Design. Exemplary focusing on mobile and pervasive emergency response, as a specific area of the emergency management domain, this article conveys how the early requirements elicitation can be supported by a semantically integrated conceptual modeling method. Presenting the results of the exemplary executed elicitation processes, it contributes a concrete set of security and privacy requirements for mobile and pervasive emergency response settings. By also taking into account conflicting security goals, this article provides a substantial grounding for the development and deployment of multilaterally secure pervasive ICT that effectively supports emergency management during and in the aftermath of critical response missions.
15
Raspotnig, Christian, Peter Karpati, and Andreas L. Opdahl. "Combined Assessment of Software Safety and Security Requirements." Journal of Cases on Information Technology 20, no. 1 (January 2018): 46–69. http://dx.doi.org/10.4018/jcit.2018010104.
Full textAbstract:
Safety is a fundamental concern in modern society, and security is a precondition for safety. Ensuring safety and security of complex integrated systems requires a coordinated approach that involve different stakeholder groups going beyond safety and security experts and system developers. The authors have therefore proposed CHASSIS (Combined Harm Assessment of Safety and Security for Information Systems), a method for collaborative determination of requirements for safe and secure systems. In this article, the authors evaluate CHASSIS through industrial case studies of two small-to-medium sized suppliers to the air-traffic management (ATM) sector. The results suggest that CHASSIS is easy to use, and that handling safety and security together provides benefits because techniques, information, and knowledge can be reused. The authors conclude that further exploration and development of CHASSIS is worthwhile, but that better documentation is needed—including more detailed process guidelines—to support elicitation of security and safety requirements and to systematically relate them to functional requirements.
16
Saikayasit, Rose, Alex W. Stedmon, and Glyn Lawson. "User Requirements Elicitation in Security and Counter-Terrorism: A Human Factors Approach." Journal of Police and Criminal Psychology 28, no. 2 (June 19, 2013): 162–70. http://dx.doi.org/10.1007/s11896-013-9129-7.
Full text
17
Arogundade, O. T., A. T. Akinwale, Z. Jin, and X. G. Yang. "A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements." International Journal of Information Security and Privacy 5, no. 4 (October 2011): 8–30. http://dx.doi.org/10.4018/jisp.2011100102.
Full textAbstract:
This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.
18
Andrade, Roberto, Jenny Torres, Iván Ortiz-Garcés, Jorge Miño, and Luis Almeida. "An Exploratory Study Gathering Security Requirements for the Software Development Process." Electronics 12, no. 17 (August 25, 2023): 3594. http://dx.doi.org/10.3390/electronics12173594.
Full textAbstract:
Software development stands out as one of the most rapidly expanding markets due to its pivotal role in crafting applications across diverse sectors like healthcare, transportation, and finance. Nevertheless, the sphere of cybersecurity has also undergone substantial growth, underscoring the escalating significance of software security. Despite the existence of different secure development frameworks, the persistence of vulnerabilities or software errors remains, providing potential exploitation opportunities for malicious actors. One pivotal contributor to subpar security quality within software lies in the neglect of cybersecurity requirements during the initial phases of software development. In this context, the focal aim of this study is to analyze the importance of integrating security modeling by software developers into the elicitation processes facilitated through the utilization of abuse stories. To this end, the study endeavors to introduce a comprehensive and generic model for a secure software development process. This model inherently encompasses critical elements such as new technologies, human factors, and the management of security for the formulation of abuse stories and their integration within Agile methodological processes.
19
Faily, Shamal. "Engaging stakeholders during late stage security design with assumption personas." Information & Computer Security 23, no. 4 (October 12, 2015): 435–46. http://dx.doi.org/10.1108/ics-10-2014-0066.
Full textAbstract:
Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design. Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain. Findings – Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data. Originality/value – This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.
20
Zareen, Saima, Adeel Akram, and Shoab Ahmad Khan. "Security Requirements Engineering Framework with BPMN 2.0.2 Extension Model for Development of Information Systems." Applied Sciences 10, no. 14 (July 20, 2020): 4981. http://dx.doi.org/10.3390/app10144981.
Full textAbstract:
With recent advancements of technologies such as Internet of Things and cloud computing, security of information systems has emerged as a critical issue. This has created a need for elicitation and analysis of the security requirements at an early stage of system development. These requirements should also be expressed using visual notations that can encapsulate the vision of different stakeholders related to security. While business process management notation (version 2.0.2) is a widely used graphical representation for business requirements and makes it easier to define and communicate business processes between different stakeholders of the system. Moreover, extension mechanisms are available to model the specific needs of an organization. Due to its flexible structure for defining new extensions, it can be adapted to model security requirements in the information system (IS). Towards this, we propose a threat profile security framework to define the security requirements of manufacturing systems for businesses, which are at a stage of infancy to adapt or evolve the IS with the changing needs of a business environment. In particular, the framework is modeled by extending Business Process Management Notation and is applied in a manufacturing industry process at the shop floor level. We show through a case study example that the threat goal-based framework is broader and, hence, covers a majority of security concerns of organizations.
21
Kalloniatis, Christos, Costas Lambrinoudakis, Mathias Musahl, Athanasios Kanatas, and Stefanos Gritzalis. "Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework." Computer Science and Information Systems, no. 00 (2020): 57. http://dx.doi.org/10.2298/csis200922057k.
Full textAbstract:
Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address that, this paper proposes a Privacy and Data Protection Framework that provides the appropriate steps so as the proper technical, organizational and procedural measures to be undertaken. The framework, beyond previous literature, supports the combination of privacy by design principles with the newly introduced GDPR requirements in order to create a strong elicitation process for deriving the set of the technical security and privacy requirements that should be addressed. It also proposes a process for validating that the elicited requirements are indeed fulfilling the objectives addressed during the Data Protection Impact Assessment (DPIA), carried out according to the GDPR.
22
Adee, Rose, and Haralambos Mouratidis. "A Dynamic Four-Step Data Security Model for Data in Cloud Computing Based on Cryptography and Steganography." Sensors 22, no. 3 (February 1, 2022): 1109. http://dx.doi.org/10.3390/s22031109.
Full textAbstract:
Cloud computing is a rapidly expanding field. It allows users to access computer system resources as needed, particularly data storage and computational power, without managing them directly. This paper aims to create a data security model based on cryptography and steganography for data in cloud computing that seeks to reduce existing security and privacy concerns, such as data loss, data manipulation, and data theft. To identify the problem and determine its core cause, we studied various literature on existing cloud computing security models. This study utilizes design science research methodology. The design science research approach includes problem identification, requirements elicitation, artifact design and development, demonstration, and assessment. Design thinking and the Python programming language are used to build the artifact, and discussion about its working is represented using histograms, tables, and algorithms. This paper’s output is a four-step data security model based on Rivest–Shamir–Adleman, Advanced Encryption Standard, and identity-based encryption algorithms alongside Least Significant Bit steganography. The four steps are data protection and security through encryption algorithms, steganography, data backup and recovery, and data sharing. This proposed approach ensures more cloud data redundancy, flexibility, efficiency, and security by protecting data confidentiality, privacy, and integrity from attackers.
23
Argyropoulos, Nikolaos, Konstantinos Angelopoulos, Haralambos Mouratidis, and Andrew Fish. "Risk-aware decision support with constrained goal models." Information & Computer Security 26, no. 4 (October 8, 2018): 472–90. http://dx.doi.org/10.1108/ics-01-2018-0010.
Full textAbstract:
Purpose The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system’s design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable. Design/methodology/approach Secure Tropos is a well-established security requirements engineering methodology, but it has no concepts of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods, by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complimented by a systematic risk assessment process during a system’s design time and supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints, via constrained goal models. Findings As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check if alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off of information levels of risk assessment that are required to be elicited. Originality/value The proposed approach adds additional value via its flexibility in permitting the consideration of different optimisation scenarios by prioritising different system goals and the automated reasoning support.
24
Tsohou, Aggeliki, Emmanouil Magkos, Haralambos Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni, and Beatriz Gallego-Nicasio Crespo. "Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform." Information & Computer Security 28, no. 4 (April 16, 2020): 531–53. http://dx.doi.org/10.1108/ics-01-2020-0002.
Full textAbstract:
Purpose General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform. Design/methodology/approach The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors. Findings The findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements. Practical implications The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry. Social implications It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus, offering a significant boost toward the European personal data protection objectives. Originality/value This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.
25
Marques, Johnny, and Adilson Marques da Cunha. "ARES: An Agile Requirements Specification Process for Regulated Environments." International Journal of Software Engineering and Knowledge Engineering 29, no. 10 (October 2019): 1403–38. http://dx.doi.org/10.1142/s021819401950044x.
Full textAbstract:
Agile methods have provided significant contributions to Software Engineering. This work presents a new process for Software Requirements Specification, integrating Agile Properties and regulated environments, such as aviation, medical, nuclear and automotive, among others. The Software in Regulated Environments (SRE) involves plan-driven methods with needed documentation to ensure safety, reliability, security, and discipline. This paper proposes a balance between agile and plan-driven methods. We define a new process, which explores and investigates the usage of agile methods in SRE. The scope of this paper is Requirements Engineering, which is considered as a set of activities involved in the management, elicitation, documentation, and maintenance of requirements. The Adile Requirements Specification (ARES) process contains four methods, 13 activities, and some required artifacts to ensure compliance with the following six relevant Software Standards for regulated environments: RTCA DO-178C, IEC 62304:2015, ECSS-E-ST-40C, IEC 61508-3, ISO/IEC/IEEE 12207, and IAEA SSG-39. The process evaluation was performed using two experiments: a Cockpit Display System (CDS) and a Healthcare Information System (HIS). These experiments were measured with appropriate metrics to ensure improvements in Software Requirements Specification and traceability among artifacts. The experimental results revealed that the ARES process works better than the original Scrum for Software in Regulated Environments. The ARES process can also be integrated with traditional software life cycles (Waterfall, V, and Incremental and Iterative), when applied in the Requirements Engineering phase.
26
Ghufron, Kharisma Muzaki, Wahyu Andhyka Kusuma, and Fauzan Fauzan. "PENGGUNAAN USER PERSONA UNTUK EVALUASI DAN MENINGKATKAN EKSPEKTASI PENGGUNA DALAM KEBUTUHAN SISTEM INFORMASI AKADEMIK." SINTECH (Science and Information Technology) Journal 3, no. 2 (October 28, 2020): 90–99. http://dx.doi.org/10.31598/sintechjournal.v3i2.587.
Full textAbstract:
Human-Computer Interaction (HCI) is a scientific field to determine user characteristics or so-called persona. HCI describes a system that must be easy to use, provides security to users, easy to learn and has usability. The purpose of the study was conducted to obtain various perspectives on the use of software in the InfoKHS University of Muhammadiyah Malang (UMM) academic system according to user characteristics so that the design of software requirements is expected to be representative of various types of users. The HCI assessment is carried out in software development (SD) focusing on the elicitation of needs. Focus on using user methods. As an analysis of user needs. Qualitative data were analyzed based on country hypotheses obtained for the first time in this research phase. In this study, a User Persona was done with an iterative method to ensure each phase was validated. The results show that iterations are needed several times to get the use of detailed cases diagram of each user's needs.
27
CALVANESE, DIEGO, MARCO MONTALI, MARLON DUMAS, and FABRIZIO M. MAGGI. "Semantic DMN: Formalizing and Reasoning About Decisions in the Presence of Background Knowledge." Theory and Practice of Logic Programming 19, no. 04 (January 18, 2019): 536–73. http://dx.doi.org/10.1017/s1471068418000479.
Full textAbstract:
AbstractThe Decision Model and Notation (DMN) is a recent Object Management Group standard for the elicitation and representation of decision models and for managing their interconnection with business processes. DMN builds on the notion of decision tables and their combination into more complex decision requirements graphs (DRGs), which bridge between business process models and decision logic models. DRGs may rely on additional, external business knowledge models, whose functioning is not part of the standard. In this work, we consider one of the most important types of business knowledge, namely, background knowledge that conceptually accounts for the structural aspects of the domain of interest, and propose decision knowledge bases (DKBs), which semantically combine DRGs modeled in DMN, and domain knowledge captured by means of first-order logic with datatypes. We provide a logic-based semantics for such an integration, and formalize different DMN reasoning tasks for DKBs. We then consider background knowledge formulated as a description logic (DL) ontology with datatypes, and show how the main verification tasks for DMN in this enriched setting can be formalized as standard DL reasoning services and actually carried out in ExpTime. We discuss the effectiveness of our framework on a case study in maritime security.
28
Vargas, Cyntia, Jens Bürger, Fabien Viertel, Birgit Vogel-Heuser, and Jan Jürjens. "System evolution through semi-automatic elicitation of security requirements: A Position Paper ⁎ ⁎Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2)." IFAC-PapersOnLine 51, no. 10 (2018): 64–69. http://dx.doi.org/10.1016/j.ifacol.2018.06.238.
Full text
29
Majore, Ginta. "ENTERPRISE MODELLING METHODOLOGY FOR SOCIO-CYBER-PHYSICAL SYSTEMS DESIGN: CASE FROM CYBERSECURITY EDUCATION AND CLIMATE-SMART AGRICULTURE." SOCIETY. TECHNOLOGY. SOLUTIONS. Proceedings of the International Scientific Conference 2 (April 8, 2022): 4. http://dx.doi.org/10.35363/via.sts.2022.74.
Full textAbstract:
INTRODUCTION
The incorporation of various aspects and requirements in socio-cyber-physical (STP) system simulation modelling drives challenges for the application of appropriate methodology and visualisation. The research problem lies in the multi-dimensionality and complexity of these systems. According to information science, the definition of STP implies an understanding of how digital information interacts with and transforms the physical world (which compromises both natural and manmade materials) (Rijswijk et al., 2021). The multi-dimensionality of these system authors is expressed in: 1) time (historical and actual data, future predictions, and continuous updating based on simulation modelling results) (Frazzon et al., 2020); 2) the physical world and its digital representation (Rijswijk et al., 2021); 3) the change in social practices by the influence of the cyber world (Skarga-Bandurova et al., n.d.). All the above-mentioned factors have to be reflected within the comprehensive simulation model.
The author’s proposed hypothesis is: the application of multi-scalability and multi-dimensionality within the enterprise modelling approach provides the opportunity to develop a comprehensive model for socio-cyber-physical systems.
The enterprise modelling method provides an excellent background for case studies and the application of the modern Living Lab approach for socio-cyber-physical systems design. But a research gap exists in contextual modelling for the particular solution. It means that for various cases there is specific contextual information that has to be described and taken into account in order to reach the main goal. The author proposes an extension of 4EM methodology for application in two various cases: 1) development of methodology for cybersecurity education; and 2) requirements for the definition of a climate-smart agriculture solution for farmers.
MATERIALS AND METHODS
Method: application of enterprise modelling methodology for 2 various cases: 1. climate-smart agriculture; 2. methodology development for advancing cyber security competencies.
EM consists of 6 inter-related models (Stirna & Persson, 2018):
Goal model, which in general defines the objectives of a company and its problems
in reaching such goals and implementing business processes;
Business law model, which describes the laws that have to be complied with in reaching the goals set and/or implementing business processes or rules in a particular context;
Concept model, which explains concepts used in other models;
Business process model, which generally describes processes to be implemented for reaching the goals and functionality tool;
Actor and resource model, which in general includes the required human resources and material-technical resources for implementing business processes or a particular user;
The model of technical components and requirements, which in general describes the provision of software and hardware for business process implementation, as well as how to reach the goals set and functions of a new remote communication tool.
The model development process was conducted according to methodology requirements in the following steps: 1) expert interview before the modelling session; 2) modelling session; 3) model justification within the expert group.
RESULTS
Results shows that 4EM methodology is an effective methodology for case analysis in uncertain situations and where the solution is not obvious. It brings new insight for the proposed situation and explicitly describes the innovative solution.
The outcome of the modelling sessions conducted was the development of models with incorporated stakeholder needs and requirements. The advantage of the application of 4EM methodology is simplicity and comprehensiveness at the same time. Methodology provides flexibility in a situational analysis and definition of sub-models, which supports the proposed case need and stakeholders’ view and ideas. The iterative model design process provides an effective Living Lab approach for stakeholder community building and a snowball effect in engagement.
DISCUSSION
A discussion point regarding 4EM methodology is its completeness and how detailed the description of models and developed sub-models have to be. The application of 4EM in two various cases proves the hypothesis that methodology can be applied as an effective tool for community building within Living Lab.
Future work is related to the incorporation of technological solution and pattern design for the more effective elicitation of requirements.
CONCLUSIONS
The 4EM model has been developed, summarising the requirements and different aspects in using emerging technologies in various situations. It also includes aspects such as social, technological and security factors. Actors and goals have been defended, and important components recognised. Security capabilities and context elements have been determined according to the goal model. Several threats and problems have been identified. The advantage of this model is that the authors formulate technical requirements according to the set context. This approach is a new addition to the existing 4EM process.
ACKNOWLEDGEMENT
Research is partly supported by European Commission Horizon 2020 programme funding by the project ‘reSilienT fARminG by Adaptive microclimaTemanagEment’ — STARGATE No. 818187 and partly by the “Advancing Human Performance in Cybersecurity”, ADVANCES, benefits from a nearly € 1 million grant from Iceland, Liechtenstein and Norway through the EEA Grants. The aim of the project is to advance the performance of cybersecurity specialists by personalising the competence development path and risk assessment. Project contract with the Research Council of Lithuania (LMTLT) No. S-BMT-21-6 (LT08-2-LMT-K-01-051).
30
Majore, Ginta. "ENTERPRISE MODELLING METHODOLOGY FOR SOCIO-CYBER-PHYSICAL SYSTEMS DESIGN: CASE FROM CYBERSECURITY EDUCATION AND CLIMATE-SMART AGRICULTURE." SOCIETY. TECHNOLOGY. SOLUTIONS. Proceedings of the International Scientific Conference 2 (April 8, 2022): 4. http://dx.doi.org/10.35363/via.sts.2022.74.
Full textAbstract:
INTRODUCTION
The incorporation of various aspects and requirements in socio-cyber-physical (STP) system simulation modelling drives challenges for the application of appropriate methodology and visualisation. The research problem lies in the multi-dimensionality and complexity of these systems. According to information science, the definition of STP implies an understanding of how digital information interacts with and transforms the physical world (which compromises both natural and manmade materials) (Rijswijk et al., 2021). The multi-dimensionality of these system authors is expressed in: 1) time (historical and actual data, future predictions, and continuous updating based on simulation modelling results) (Frazzon et al., 2020); 2) the physical world and its digital representation (Rijswijk et al., 2021); 3) the change in social practices by the influence of the cyber world (Skarga-Bandurova et al., n.d.). All the above-mentioned factors have to be reflected within the comprehensive simulation model.
The author’s proposed hypothesis is: the application of multi-scalability and multi-dimensionality within the enterprise modelling approach provides the opportunity to develop a comprehensive model for socio-cyber-physical systems.
The enterprise modelling method provides an excellent background for case studies and the application of the modern Living Lab approach for socio-cyber-physical systems design. But a research gap exists in contextual modelling for the particular solution. It means that for various cases there is specific contextual information that has to be described and taken into account in order to reach the main goal. The author proposes an extension of 4EM methodology for application in two various cases: 1) development of methodology for cybersecurity education; and 2) requirements for the definition of a climate-smart agriculture solution for farmers.
MATERIALS AND METHODS
Method: application of enterprise modelling methodology for 2 various cases: 1. climate-smart agriculture; 2. methodology development for advancing cyber security competencies.
EM consists of 6 inter-related models (Stirna & Persson, 2018):
Goal model, which in general defines the objectives of a company and its problems
in reaching such goals and implementing business processes;
Business law model, which describes the laws that have to be complied with in reaching the goals set and/or implementing business processes or rules in a particular context;
Concept model, which explains concepts used in other models;
Business process model, which generally describes processes to be implemented for reaching the goals and functionality tool;
Actor and resource model, which in general includes the required human resources and material-technical resources for implementing business processes or a particular user;
The model of technical components and requirements, which in general describes the provision of software and hardware for business process implementation, as well as how to reach the goals set and functions of a new remote communication tool.
The model development process was conducted according to methodology requirements in the following steps: 1) expert interview before the modelling session; 2) modelling session; 3) model justification within the expert group.
RESULTS
Results shows that 4EM methodology is an effective methodology for case analysis in uncertain situations and where the solution is not obvious. It brings new insight for the proposed situation and explicitly describes the innovative solution.
The outcome of the modelling sessions conducted was the development of models with incorporated stakeholder needs and requirements. The advantage of the application of 4EM methodology is simplicity and comprehensiveness at the same time. Methodology provides flexibility in a situational analysis and definition of sub-models, which supports the proposed case need and stakeholders’ view and ideas. The iterative model design process provides an effective Living Lab approach for stakeholder community building and a snowball effect in engagement.
DISCUSSION
A discussion point regarding 4EM methodology is its completeness and how detailed the description of models and developed sub-models have to be. The application of 4EM in two various cases proves the hypothesis that methodology can be applied as an effective tool for community building within Living Lab.
Future work is related to the incorporation of technological solution and pattern design for the more effective elicitation of requirements.
CONCLUSIONS
The 4EM model has been developed, summarising the requirements and different aspects in using emerging technologies in various situations. It also includes aspects such as social, technological and security factors. Actors and goals have been defended, and important components recognised. Security capabilities and context elements have been determined according to the goal model. Several threats and problems have been identified. The advantage of this model is that the authors formulate technical requirements according to the set context. This approach is a new addition to the existing 4EM process.
ACKNOWLEDGEMENT
Research is partly supported by European Commission Horizon 2020 programme funding by the project ‘reSilienT fARminG by Adaptive microclimaTemanagEment’ — STARGATE No. 818187 and partly by the “Advancing Human Performance in Cybersecurity”, ADVANCES, benefits from a nearly € 1 million grant from Iceland, Liechtenstein and Norway through the EEA Grants. The aim of the project is to advance the performance of cybersecurity specialists by personalising the competence development path and risk assessment. Project contract with the Research Council of Lithuania (LMTLT) No. S-BMT-21-6 (LT08-2-LMT-K-01-051).
31
"Quantitative Analysis of Requirement Elicitation Techniques through FANP: Security Perspective." International Journal of Recent Technology and Engineering 8, no. 5 (January 30, 2020): 3550–58. http://dx.doi.org/10.35940/ijrte.e6402.018520.
Full textAbstract:
The last few decades have shown an incredible rise in the production of different types of software according to the user’s needs. Requirement Elicitation techniques for security requirements are one of the most crucial stage of software development life cycle. Based on the Analytical Network Process (ANP) process, this paper analyzes the weighting of elicitation techniques for security requirements in the production of software applications. In other words, the elicitation strategies of security requirements play an important role in the development of secure software. It also analyzes the relationship between security requirement elicitation techniques and their objectives through the use of ANP method and also demonstrates the application of fuzzy ANP method to achieve higher accuracy. When developing a secure software framework, the results provide a better platform. With these facts in mind, the proposed study will also clarify the priority weights of security requirement elicitation techniques that can be used to analyze trade-offs between competing software security requirement elicitation techniques and provide a new way for developers when constructing the secure software.
32
"Optimizing the Impact of Security Attributes in Requirement Elicitation Techniques using FAHP." International Journal of Innovative Technology and Exploring Engineering 9, no. 4 (February 10, 2020): 1656–61. http://dx.doi.org/10.35940/ijitee.d1213.029420.
Full textAbstract:
Software security is a key issue in the domain of software engineering which attracts attention from both the industry and academia. Besides, due to the massive investment in software development, security is in much demand. The selection of appropriate software development model is an increasingly challenging task. Security attributes play a vital role while designing security during software development. Each attribute has its importance during requirement elicitation procedure. This is based upon the user’s demand, organization resources, and sensitivity of the information. Hence, developers should understand the significance of each attribute while collecting the user requirements for developing software. In this paper, authors have proposed an approach for prioritization of these attributes using the Fuzzy Analytic Hierarchy Process (Fuzzy AHP) method. A literature survey reveals that critical security attributes such as Integrity, confidentiality, Authentication, Effectiveness, Availability, Access Control and Authorization. This will help developers to improve software security for longer
33
"Detection of Vulnerability Injection Point in Software Development Lifecycle for Effective Countermeasures." International Journal of Engineering and Advanced Technology 9, no. 3 (February 29, 2020): 2715–21. http://dx.doi.org/10.35940/ijeat.c6045.029320.
Full textAbstract:
This paper takes a deeper look at data breach, its causes and the linked vulnerability aspects in the application development lifecycle. Further, the Vulnerabilities are mapped to the software development life cycle (SDLC) involving requirement elicitation, design, development, testing and deployment phases. Being aware of exact SDLC life cycle where the vulnerabilities are injected, suitable security practices (countermeasures) can be adopted in delivery methodology, which can control the eventual data breaches and safeguard the application from security perspective. Our research focuses on Evolution of Vulnerabilities through the application development life cycle, and we have leveraged “Inverted Tree Structure/Attack Tree” and “Affinity Principles” to map the vulnerabilities to right Software Development Life Cycle.
34
Matulevičius, Raimundas, and Naved Ahmed. "Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns." it – Information Technology 55, no. 6 (January 1, 2013). http://dx.doi.org/10.1515/itit.2013.2002.
Full textAbstract:
AbstractAlthough importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a two-step method for (i) pattern occurrence discovery in, and (ii) for security requirements definition from the business process model. We hope that our proposal could help elicit security requirements at the early system development stages, however, we still need to validate it empirically.
35
"Secure MEReq: A Tool Support to Check for Completeness of Security Requirements." International Journal of Recent Technology and Engineering 8, no. 2S11 (November 2, 2019): 768–71. http://dx.doi.org/10.35940/ijrte.b1125.0982s1119.
Full textAbstract:
Quality security requirements help secure software development to succeed. While considerable research can be discovered in the field of demands elicitation, less attention has been paid to the writing of full security specifications. The demands engineers (REs) are still challenged and tedious in implementing and reporting full safety needs derived from Natural language. This is due to their tendency to misunderstand the real needs and the security terms used by inexperienced REs leading to incomplete security requirements. Motivated from these problems, we have developed a prototype tool, called SecureMEReq to improve the writing of complete security requirements. This tool provides four important key-features, which are (1) extraction of template-based components from client-stakeholders; (2) analysis of template-based density from SRCLib; (3) analysis of requirements syntax density from SecLib; and (4) analysis of completeness prioritization. To do this, we used our pattern libraries: SecLib and SRCLib to support the automation process of elicitation, especially in writing the security requirements. Our evaluation results show that our prototype tool is capable to facilitate the writing of complete security requirements and useful in assisting the REs to elicit the security requirements.
36
Hibshi, Hanan, Stephanie Jones, and Travis Breaux. "A Systemic Approach for Natural Language Scenario Elicitation of Security Requirements." IEEE Transactions on Dependable and Secure Computing, 2021, 1. http://dx.doi.org/10.1109/tdsc.2021.3103109.
Full text
37
Saleh, Emam, and Fahd ElShahrani. "Extracting Functional and Non-Functional Requirements for E-learning Systems." International Journal of Educational Sciences and Arts 2, no. 5 (2023). http://dx.doi.org/10.59992/ijesa.2023.v2n5p3.
Full textAbstract:
Extracting functional & non-functional requirements is a basic step in software development. The process of requirements engineering includes seven main activities Elicitation, Negotiation, Specification, Modeling, Verification & Validation, Management, and Traceability, this study focuses on requirements engineering in E-learning systems to be performed in all educational systems. Non-functional requirements are considered more critical than functional requirements because the non-functional requirements can affect all the systems and some of non-functional requirements may become functional requirements like security. So, hoping that this constructed study is going to help the developers of the system to understand the requirements to build E-learning systems, especially in higher educational institutions.
38
Daun, Marian, Alicia M. Grubb, Viktoria Stenkova, and Bastian Tenbergen. "A systematic literature review of requirements engineering education." Requirements Engineering, May 19, 2022. http://dx.doi.org/10.1007/s00766-022-00381-9.
Full textAbstract:
AbstractRequirements engineering (RE) has established itself as a core software engineering discipline. It is well acknowledged that good RE leads to higher quality software and considerably reduces the risk of failure or budget-overspending of software development projects. It is of vital importance to train future software engineers in RE and educate future requirements engineers to adequately manage requirements in various projects. To this date, there exists no central concept of what RE education shall comprise. To lay a foundation, we report on a systematic literature review of the field and provide a systematic map describing the current state of RE education. Doing so allows us to describe how the educational landscape has changed over the last decade. Results show that only a few established author collaborations exist and that RE education research is predominantly published in venues other than the top RE research venues (i.e., in venues other than the RE conference and journal). Key trends in RE instruction of the past decade include involvement of real or realistic stakeholders, teaching predominantly elicitation as an RE activity, and increasing student factors such as motivation or communication skills. Finally, we discuss open opportunities in RE education, such as training for security requirements and supply chain risk management, as well as developing a pedagogical foundation grounded in evidence of effective instructional approaches.
39
Bagriyanik, Selami, and Adem Karahoca. "Big data in software engineering: A systematic literature review." Global Journal of Information Technology 6, no. 1 (March 15, 2016). http://dx.doi.org/10.18844/gjit.v6i1.397.
Full textAbstract:
Purpose of Study: We investigate the big data studies using batch and/or streaming data generated in the process of software development lifecycle. All phases of application development phases are in our scope including but not limited to elicitation, requirements analysis, design, software implementation, version control management, unit / functional / regression / automated / performance / stress test, release management, application log monitoring, application usage monitoring, user complaint management, security and compliance management and software problem management.Methods: We use a systematic literature review methodology used in Software Engineering studies to find and analyse the related studies published from January 2010 to October 2015. We synthesize the quantitative and qualitative outputs of selected papers and report the results.Findings and Results: In general, there are scarce studies in the literature. However there are relatively more papers regarding some areas such as Software Quality, Development, Project Management and Human Computer Interaction. However research in some fields such as Deployment, Requirements Engineering, Release Management and Mobile Applications were relatively less. Conclusions & Recommendations: More studies are required to identify the use cases, data attributes, measurements, platform requirements especially in the fields which are identified as having lack of study. A holistic big data perspective is needed to support software engineering ecosystems in large and complex enterprises. Keywords: Big Data, Software Engineering, Software Analytics, Data Mining, Software Development, Operational Intelligence, Software Archaeology
40
Temate-Tiagueu, Yvette, Joseph Amlung, Dennis Stover, Philip Peters, John T. Brooks, Sridhar Papagari Sangareddy, Jina J. Dcruz, and Kamran Ahmed. "Dashboard Prototype for Improved HIV Monitoring and Reporting for Indiana." Online Journal of Public Health Informatics 11, no. 1 (May 30, 2019). http://dx.doi.org/10.5210/ojphi.v11i1.9699.
Full textAbstract:
ObjectiveThe objective was to design and develop a dashboard prototype (DP) that integrates HIV data from disparate sources to improve monitoring and reporting of HIV care continuum metrics in Indiana. The tool aimed to support Indiana State Department of Health (ISDH) to monitor key HIV performance indicators, more fully understand populations served, more quickly identify and respond to crucial needs, and assist in planning and decision-making.IntroductionIn 2015, ISDH responded to an HIV outbreak among persons using injection drugs in Scott County [1]. Information to manage the public health response to this event and aftermath included data from multiple sources (e.g., HIV testing, surveillance, contact tracing, medical care, and HIV prevention activities). During the outbreak, access to timely and accurate data for program monitoring and reporting was difficult for health department staff. Each dataset was managed separately and tailored to the relevant HIV program area’s needs. Our challenge was to create a platform that allowed separate systems to communicate with each other and design a DP that offered a consolidated view of data.ISDH initiated efforts to integrate these HIV data sources to better track HIV prevention, diagnosis, and care metrics statewide, support decision-making and policies, and facilitate a more rapid response to future HIV-related investigations. The Centers for Disease Control and Prevention (CDC) through its Info-Aid program provided technical assistance to support ISDH’s data integration process and develop a DP that could aggregate these data and improve reporting of crucial statewide metrics.After an initial assessment phase, an in-depth analysis of requirements resulted in several design principles and lessons learned that later translated into standardization of data formats and design of the data integration process [2].MethodsSpecific design principles and prototyping methods were applied during the 9 months that lasted the DP design and development process starting from June 2017.Requirements elicitation, analysis, and validationThe elicitation and analysis of the requirements were done using a dashboard content inventory tool to gather and analyze HIV reporting needs and dashboard requirements from stakeholders. Results of this analysis allowed us to validate project goals, list required functionalities, prioritize features, and design the initial dashboard architecture. The initial scope was Scott County.Design mappingThe design mapping exercise reviewed different scenarios involving data visualization using DP, clarified associations among data from different programs and determined how best to capture and present them in the DP. For example, we linked data in separate datasets using unique identifier or county name. This step’s output was to refine DP architecture.Parallel designIn a parallel design session, we drew dashboard mockups on paper with end users. These mockups helped illustrate how information captured during design mapping would be translated into visual design before prototype implementation. Drawings were converted to PowerPoint mockups for validation and modifications. The mockup helped testers and future users, interact and rapidly understand the DP architecture. The model can be used for designing other DP.IntegrationData integration was conducted in SAS by merging datasets from different program areas iteratively. Next, we cleaned (e.g., deleted records missing crucial information) and validated data. The integration step solved certain challenges with ISDH data (e.g. linking data across systems while automating data cleaning was planned for later), increased data consistency and reduced redundancy, and resulted in a consolidated view of the data.PrototypingAfter data integration, we extracted a reduced dataset to implement and test different DP features. The first prototype was in Excel. We applied a modular design that allowed frequent feedback and input from ISDH program managers. Developers of the first prototype were in two locations, but team members kept in close contact and further refined the DP through weekly communications. We expanded the DP scope from Scott County to include all counties in Indiana.Beta VersionTo enable advanced analysis and ease collaboration of the final tool across users, we moved to Tableau Desktop Professional version 10. All Excel screens were redeveloped and integrated into a unique dashboard for a consolidated view of ISDH programs. After beta version completion, usability tests were conducted to guide the DP production version.Technical requirementsAll users were provided Tableau Reader to interact with the tool. DP is not online, but shared by ISDH through a protected shared drive. Provisions are made for the DP to use a relational database that will provide greater data storage flexibility, management, and retrieval. DP benefits from the existing security infrastructure at ISDH that allows for safeguarding personal identifiable information, secured access, backup and restoration.ResultsSystem contentISDH’s data generated at the county and state level were used to assess the following domains: HIV Testing, HIV Surveillance, Contact Tracing, HIV Care Coordination, and Syringe Exchange. The DP was populated through an offline extract of the integrated datasets. This approach sped up the Tableau workbook and allowed monthly update to the uploaded datasets. The system also included reporting features to display aggregate information for multiple population groups.Stakeholders’ feedbackTo improve users’ experience, the development team trained and offered stakeholders multiple opportunities to provide feedback, which was collected informally from ISDH program directors to guide DP enhancements. The initial feedback was collected through demonstration to CDC domain experts and ISDH staff. They were led through different scenarios and provided comments on overall design and suggestions for improvement. The goal of the demos was to assess ease of use and benefits and determine how it could be used to engage with stakeholders inside and outside of ISDH.DP Action ReportingThe DP reporting function will allow users to download spreadsheets and graphs. Some reports will be automatically generated and some will be ad-hoc. All users, including the ISDH Quality Manager and grant writers, can use the tool to guide program evaluations and justifications for funding. The tool will provide a way for ISDH staff to stay current about work of grantees, document key interactions with each community, and track related next steps. In addition, through an extract of the integrated dataset (e.g., out-of-care HIV positives), DP could support another ISDH program area, Linkage to Care.ConclusionsWe describe the process to design and develop a DP to improve monitoring and reporting of statewide HIV-related data. The solution from this technical assistance project was a useful and innovative tool that allows for capture of time-crucial information about populations at high risk. The system is expected to help ISDH improves HIV surveillance and prevention in Indiana. Our approach could be adapted to similar public health areas in Indiana.References1. Peters PJ et al. HIV infection linked to injection use of oxymorphone in Indiana, 2014–2015. N Engl J Med. 2016;375(3):229-39.2. Ahmed K et al. Integrating data from disparate data systems for improved HIV reporting: Lessons learned. OJPHI. 2018 May 17;10 (1).