Dhirendra Pandey scite author profile

a b s t r a c tAs we are continuously depending on information technology applications by adopting electronic channels and software applications for our business, online transaction and communication, software security is increasingly becoming a necessity and more advanced concern. Both the functional and non-functional requirements are important and provide the necessary needs at the early phases of the software development process, specifically in the requirement phase. The aim of this research is to identify security threats early in the software development process to help the requirement engineer elicit appropriate security requirements in a more systematic manner throughout the requirement engineering process to ensure a secure and quality software development. This article proposes the STORE methodology for security requirement elicitation based on security threats analysis, which includes the identification of four points: PoA, PoB, PoC and PoD for effective security attack analysis. Further, the proposed STORE methodology is also validated by a case study of an ERP System. We also compare our STORE methodology with two existing techniques, namely, SQUARE and MOSRE. We have shown that more effective and efficient security requirements can be elicited by the STORE methodology and that it helps the security requirement engineer to elicit security requirements in a more organized manner.

show abstract

A fuzzy TOPSIS based analysis toward selection of effective security requirements engineering approach for trustworthy healthcare software development

Ansari

Al-Zahrani

Pandey

et al. 2020

BMC Med Inform Decis Mak

View full text Add to dashboard Cite

Background Today’s healthcare organizations want to implement secure and quality healthcare software as cyber-security is a significant risk factor for healthcare data. Considering security requirements during trustworthy healthcare software development process is an essential part of the quality software development. There are several Security Requirements Engineering (SRE) methodologies, framework, process, standards available today. Unfortunately, there is still a necessity to improve these security requirements engineering approaches. Determining the most suitable security requirements engineering method for trustworthy healthcare software development is a challenging process. This study is aimed to present security experts’ perspective on the relative importance of the criteria for selecting effective SRE method by utilizing the multi-criteria decision making methods. Methods The study was planned and conducted to identify the most appropriate SRE approach for quality and trustworthy software development based on the security expert’s knowledge and experience. The hierarchical model was evaluated by using fuzzy TOPSIS model. Effective SRE selection criteria were compared in pairs. 25 security experts were asked to response the pairwise criteria comparison form. Results The impact of the recognized selection criteria for effective security requirements engineering approaches has been evaluated quantitatively. For each of the 25 participants, comparison matrixes were formed based on the scores of their responses in the form. The consistency ratios (CR) were found to be smaller than 10% (CR = 9.1% < 10%). According to pairwise comparisons result; with a 0.842 closeness coefficient (Ci), STORE methodology is the most effective security requirements engineering approach for trustworthy healthcare software development. Conclusions The findings of this research study demonstrate various factors in the decision-making process for the selection of a reliable method for security requirements engineering. This is a significant study that uses multi-criteria decision-making tools, specifically fuzzy TOPSIS, which used to evaluate different SRE methods for secure and trustworthy healthcare application development.

show abstract

RSA based encryption approach for preserving confidentiality of big data

Sharma

Agrawal

Pandey

et al. 2022

Journal of King Saud University - Computer and Information Scie

View full text Add to dashboard Cite

Risks, Security, and Privacy for HIV/AIDS Data

Ansari

Pandey

2018

View full text Add to dashboard Cite

Big data has the potential to transform healthcare systems for the prevention and treatment of HIV/AIDS by providing analytic tools that are capable of handling huge and different types of data at very fast speeds. Big data's transformative potential is also introverted by privacy and security requirements for HIV/AIDS patients' sensitive data that restrict health information exchange. Electronic health records provide the opportunity for HIV/AIDS patients to receive improved coordinated care from healthcare providers and easier access to their health information. This chapter discusses the various legal frameworks governing health information, dispels misconceptions about privacy regulations, and highlights how these legal frameworks provide privacy, confidentiality, and security to this sensitive information, and shows how EHRs can maximize the utility of big data to improve HIV/AIDS prevention and treatment.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.