Using trust assumptions with security requirements

Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the Secure Electronic Transaction (SET) specification

Science or art: risk and project management in healthcare

Despite its rapid growth in recent literature, risks in project management have received limited critical attention when compared to Lean principles and total quality management. The aim of this article is to examine the ongoing dialogue within health services funders and providers concerning the relationship between project management and its relationship to hard and soft environmental risk factors. The failure of high profile projects and cost to the taxpayer is on the increase. This article argues that the lack of understanding in relation to a holistic assessment of project success factors contributes to increased risk of failure. It argues that greater emphasis is needed on placing risk relative to both operational and cultural factors, as opposed to the frequent use of prescriptive mechanistic methodologies. These changes have the potential not merely to improve the success rates of healthcare management projects, but health outcomes too

Implications of security mechanisms and Service Level Agreements (SLAs) of Platform as a Service (PaaS) clouds for geoprocessing services

Cloud computing is an emerging computing paradigm aimed at running services over the internet to provide scalability and flexibility. The advantages in using the cloud for start‐up and small businesses that lack infrastructure have been shown to far outweigh the disadvantages. Cloud platform services, also known as Platform as a Service (PaaS), provide a computing platform or solution stack on which software can be developed for later deployment in a cloud. However, there are a number of security challenges because users of the cloud have to rely on third party companies to provide confidentiality, integrity and availability. Geoprocessing is the manipulation of geographic information, ranging from simple feature overlays and geocoding to raster processing and advanced climate modelling. The Open Geospatial Consortium’s (OGC) Web Processing Service (WPS) defines a standardized interface that facilitates the publishing of geospatial processes. Parallelization and distribution of geoprocessing services have received much attention lately, including running them in a cloud. However, work on the security aspects of geoprocessing in a cloud is limited. In this paper, we anaylse security mechanisms and Service Level Agreements (SLA) of PaaS clouds and present results of experiments run in the PaaS clouds. The implications of these results for the development of geoprocessing services in a PaaS cloud are discussed. Finally, recommendations for future work are presented.The South African Department of Trade and Industryhttp://www.springerlink.com/content/1866-9298