Journal of Information Systems Education (JISE)

Volume 24

Volume 24 Number 1, Pages 17-30

Spring 2013


IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc. Case


Janine L. Spears
DePaul University
Chicago, IL 60604, USA

James L. Parrish, Jr.
Nova Southeastern University
Fort Lauderdale, FL 33314, USA

Abstract: This teaching case introduces students to a relatively simple approach to identifying and documenting security requirements within conceptual models that are commonly taught in systems analysis and design courses. An introduction to information security is provided, followed by a classroom example of a fictitious company, Fun & Fitness, in the process of updating its e-Commerce site for class registrations. The case illustrates how UML class diagrams can be used for information classification, data input validation, and regulatory compliance considerations; how a UML use case diagram can be transformed into a “misuse case” diagram to identify threats and countermeasures to functional use cases; and how a data flow diagram may be used to analyze and document threats and countermeasures to data stores, data flows, processes, and external entities using the STRIDE approach developed by Microsoft. The case is geared toward a systems analyst who does not have former training in IS security, and is suitable for upper-division undergraduate and graduate courses.

Keywords: Information assurance & security, Requirements analysis & specification, Business modeling, Modeling, Systems analysis & design, Unified modeling language (UML)

Download this article: JISE - Volume 24 Number 1, Page 17.pdf


Recommended Citation: Spears, J. L. & Parrish, J. L., Jr. (2013). IS Security Requirements Identification from Conceptual Models in Systems Analysis and Design: The Fun & Fitness, Inc., Case. Journal of Information Systems Education, 24(1), pp. 17-30.