NotesFAQContact Us
Search Tips
Peer reviewed Peer reviewed
Direct linkDirect link
ERIC Number: EJ1014283
Record Type: Journal
Publication Date: 2013
Pages: 13
Abstractor: As Provided
ISSN: ISSN-1055-3096
Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case
Spears, Janine L.; Parrish, James L., Jr.
Journal of Information Systems Education, v24 n1 p17-29 Spr2013
This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun & Fitness," in the process of updating its e-Commerce site for class registrations. The case illustrates how UML class diagrams can be used for information classification, data input validation, and regulatory compliance considerations; how a UML use case diagram can be transformed into a "misuse case" diagram to identify threats and countermeasures to functional use cases; and how a data flow diagram may be used to analyze and document threats and countermeasures to data stores, data flows, processes, and external entities using the STRIDE approach developed by Microsoft. The case is geared toward a systems analyst who does not have former training in IS security, and is suitable for upper-division undergraduate and graduate courses. (Contains 5 tables, 6 figures, and 3 endnotes.)
Journal of Information Systems Education. e-mail:; Web site:
Publication Type: Journal Articles; Reports - Descriptive
Education Level: Higher Education; Postsecondary Education
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A
Grant or Contract Numbers: N/A