S&D Pattern Deployment at Organizational Level: A Prototype for Remote Healthcare System

The analysis of security incidents and frauds has shown that several vulnerabilities of IT systems are due to loopholes in the policies and procedures adopted by organizations, as well as in their structure. Organizations thus have to address security and dependability issues by analyzing their organizational setting. In this paper, we present a methodology to support the deployment of Security & Dependability (S&D) patterns according to their position in the Enterprise Architecture and the underlying system infrastructures. Within the pattern deployment process, the methodology distinguishes between recommendations and guidelines. Recommendations concretize the deployment with refined software- and/or hardware-related patterns, whereas guidelines specify the organizational patterns in terms of the system-to-be, proposing human-resource and/or policy solutions. To make the discussion more concrete, we illustrate the framework with a case study on an emergency scenario within a remote healthcare system.
