Comparative analysis of software development methodologies for security requirement analysis: Towards healthcare security practice

Abstract

Reducing time to market (TTM), dynamic requirement changes and increasing profit to service providers are some of the features that are most interesting to software developers, in their look-up for software development methodologies. Security requirement features in system development methodologies are often not the primary concern of developers until now. Due to the increasing rate of data breaches in healthcare, software engineers in healthcare are desiring for suitable methods which have been incorporated with security requirement activities, for effective security requirement analyses. This study surveyed on existing software development methodologies and assessed their suitability for security requirements gathering and analysis towards enhancing information security assurance in healthcare. Security requirement activities were obtained from software security engineering standards and guidelines. The security activities were then assessed in existing software development methods to determine their extend of incorporation towards secure software development in healthcare. In this review, the traditional software development methods, including the Waterfall Model, were realized to have more integration of security requirement capturing activities than the agile methods.