User Requirements Elicitation for Secure and Interoperable Health Data Exchange

P. Natsiavas, C. Kakalou, K. Votis, D. Tzovaras, D. Maglaveras, V. Koutkias

In this paper, we present the user requirements elicitation process conducted in the scope of the KONFIDO EU-funded project. KONFIDO aims to leverage proven tools and procedures as well as novel approaches and cuttingedge technologies, such as homomorphic encryption and blockchains, to provide a holistic paradigm for cross-border health data exchange and storage, focusingon interoperability and security. The methodology employed in the current work focused on producing high-level, end-user goals in an iterative fashion. First, the main business processes were identified based on the project’s pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering also the outcome of other relevant projects and widely accepted best practices (e.g. according to security standards). As a result, a set of end-user goals were identified and analysed in detail. A meta-analysis of the produced goals highlighted the significance of using standards as a guide for defining user requirements, as well as the high complexity concerning the interdependencies among the elaborated business processes, assets, threats and end-user goals.

Citation

P. Natsiavas, C. Kakalou, K. Votis, D. Tzovaras, D. Maglaveras, V. Koutkias. User Requirements Elicitation for Secure and Interoperable Health Data Exchange.In: Gelenbe, E., Campegiani, P., Czachorski, T., Katsikas, S., Komnios, I., Romano, L., Tzovaras, D. (eds.) Recent Cybersecurity Research in Europe: Proceedings of the 2018 ISCIS Security Workshop, Imperial College London. Lecture Notes CCIS No. 821, Springer Verlag (2018)