ERIC Number: EJ1014283
Record Type: Journal
Publication Date: 2013
Pages: 13
Abstractor: As Provided
ISBN: N/A
ISSN: ISSN-1055-3096
EISSN: N/A
Teaching Case: IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case
Spears, Janine L.; Parrish, James L., Jr.
Journal of Information Systems Education, v24 n1 p17-29 Spr2013
This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, "Fun & Fitness," in the process of updating its e-Commerce site for class registrations. The case illustrates how UML class diagrams can be used for information classification, data input validation, and regulatory compliance considerations; how a UML use case diagram can be transformed into a "misuse case" diagram to identify threats and countermeasures to functional use cases; and how a data flow diagram may be used to analyze and document threats and countermeasures to data stores, data flows, processes, and external entities using the STRIDE approach developed by Microsoft. The case is geared toward a systems analyst who does not have former training in IS security, and is suitable for upper-division undergraduate and graduate courses. (Contains 5 tables, 6 figures, and 3 endnotes.)
Descriptors: Information Security, Computer Security, Information Technology, Internet, Case Method (Teaching Technique), Teaching Methods, Systems Analysis, Design, Business, Higher Education, Classification, Confidentiality
Journal of Information Systems Education. e-mail: editor@jise.org; Web site: http://www.jise.org
Publication Type: Journal Articles; Reports - Descriptive
Education Level: Higher Education; Postsecondary Education
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A
Grant or Contract Numbers: N/A