User Requirements Elicitation for Secure and Interoperable Health Data Exchange
In this paper, we present the user requirements elicitation process conducted in the scope of the KONFIDO EU-funded project. KONFIDO aims to leverage proven tools and procedures as well as novel approaches and cuttingedge technologies, such as homomorphic encryption and blockchains, to provide a holistic paradigm for cross-border health data exchange and storage, focusingon interoperability and security. The methodology employed in the current work focused on producing high-level, end-user goals in an iterative fashion. First, the main business processes were identified based on the project’s pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering also the outcome of other relevant projects and widely accepted best practices (e.g. according to security standards). As a result, a set of end-user goals were identified and analysed in detail. A meta-analysis of the produced goals highlighted the significance of using standards as a guide for defining user requirements, as well as the high complexity concerning the interdependencies among the elaborated business processes, assets, threats and end-user goals.
P. Natsiavas, C. Kakalou, K. Votis, D. Tzovaras, D. Maglaveras, V. Koutkias. User Requirements Elicitation for Secure and Interoperable Health Data Exchange.In: Gelenbe, E., Campegiani, P., Czachorski, T., Katsikas, S., Komnios, I., Romano, L., Tzovaras, D. (eds.) Recent Cybersecurity Research in Europe: Proceedings of the 2018 ISCIS Security Workshop, Imperial College London. Lecture Notes CCIS No. 821, Springer Verlag (2018)