Using trust assumptions with security requirements

Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the Secure Electronic Transaction (SET) specification

Science or art: risk and project management in healthcare

Despite its rapid growth in recent literature, risks in project management have received limited critical attention when compared to Lean principles and total quality management. The aim of this article is to examine the ongoing dialogue within health services funders and providers concerning the relationship between project management and its relationship to hard and soft environmental risk factors. The failure of high profile projects and cost to the taxpayer is on the increase. This article argues that the lack of understanding in relation to a holistic assessment of project success factors contributes to increased risk of failure. It argues that greater emphasis is needed on placing risk relative to both operational and cultural factors, as opposed to the frequent use of prescriptive mechanistic methodologies. These changes have the potential not merely to improve the success rates of healthcare management projects, but health outcomes too