Applying an open application security process to a clinical information system: a case study
Source: ACM International Conference Proceeding Series; Vol. 290
Proceedings of the 2008 C3S2E conference
Montreal, Quebec, Canada
SESSION: Software engineering
Pages 89-98
Year of Publication: 2008
ISBN: 978-1-60558-101-9
Authors
Michael Pfähler, Ulm University of Applied Sciences, Ulm, Germany
Jens H. Weber-Jahnke, University of Victoria, Canada, B. C.
Sponsors
ACM International Conference Proceedings Series
Concordia University
BytePress
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 34,   Downloads (12 Months): 136,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1370256.1370269

ABSTRACT

Security is an important quality goal of software engineering. Incidents of data theft, data loss, and unavailability may lead to frustration of users, contravention of laws, or financial loss. Especially in critical domains like health care, every effort must be made to minimize security-related problems. The optimum method for establishing software security is to consider it during all stages of the software process. For legacy systems, however, this is not possible. In order to provide a high level of confidence in the security of existing systems, a security analysis must be conducted. In this paper, we perform a security analysis of an existing clinical decision support system called EGADSS. The major motivation for conducting the security analysis is that the operational context of EGADSS is being changed from an intranet to the Internet. This means that in addition to general considerations associated with a security analysis, particular attention must be paid to the threats and risks introduced by the new environment of EGADSS. In order to conduct the analysis, we perform a process developed and published within the open content community, called CLASP (Comprehensive Lightweight Application Security Process). We report on our experiences with applying this community-maintained process and reflect on its effectiveness in modeling threats to the system and identifying appropriate countermeasures.


