【導(dǎo)讀】醫(yī)院信息化建設(shè)是一項(xiàng)長(zhǎng)期而艱巨的任務(wù)。在計(jì)算機(jī)軟硬件技術(shù)，網(wǎng)絡(luò)通信。務(wù)進(jìn)行了全方位的綜合管理。醫(yī)院信息系統(tǒng)的建設(shè)是對(duì)傳統(tǒng)醫(yī)院管理流程的再。象尤為明顯；醫(yī)院門診管理要從以醫(yī)院管理、經(jīng)濟(jì)管理為主轉(zhuǎn)為以病人為關(guān)注點(diǎn)，人性化服務(wù)，自動(dòng)化、無(wú)紙化管理，必須以人為本，在軟、硬件上上一個(gè)新臺(tái)階。

　　

【正文】 oftware testing. Hall and Chapman (2021) put orward ideas about how to build correct systems hat ful?l not only the normal requirements but also the security ones. These ideas are based on he use of several formal techniques of requirement representation and a strong correction analsis of each stage. As a result of technological hanges, such as access to databases via web,development of electronic merce, advances in data warehouses and even the use of data mining echniques (Thuraisingham et al., 1998), data ecurity problems have increased. This fact justi?es the use of methodologies incorporating secuity into the stages of ISs , we have identi?ed eleven methodologies that incorporate security into their development process (Artelsmair et al., 2021。Ferna 180。ndez, 2021。 Ferna 180。ndezMedina and Piattini,2021。 Ferna 180。ndezMedina et al., 2021。 Ge et al.,2021。 Ju 168。rjens, 2021。 Liu et al., 2021。 Marks et al., 1996。 Priebe and Pernul, 2021。 Siponen, 2021。 Vivas et al., 2021). Each one of these methodologies prises very important aspects concerning security that can be used as a basis for the improvement of the current methodologies. At the same time, these methodologies have a series of limitations that must be taken into fact, unfortunately, indicates that there are no consolidated methodologies that integrate security into the development process yet. The rest of the paper is anized as follows: In next section, we will shortly describe each one of the eleven proposals that incorporate security into the stages of systems development。 then, we will show the parison framework that we have used. Further, we will make the parison, and ?nally, in the last section, we will explain our conclusions. Proposal of methodologies incorporating security The proposals that will be analysed in our parison are listed below. MOMT: Multilevel Object Modeling Technique,by Marks et al. (1996) Business processdriven framework for security engineering, by Vivas et al. (2021) UMLSec: Secure Systems Development Methodology using UML, by Ju 168。rgens (2021) Secure Database Design Methodology, by Ferna 180。ndezMedina and Piattini (2021) Security and Privacy Requirements Analysis Methodology within a Social Setting, by Liu et al. (2021) A Paradigm for Adding Security into IS Development Methods, by Siponen (2021) CoSMo: An Approach Towards Conceptual Security Modeling, by Artelsmair et al. (2021) 清華大學(xué) 本科學(xué)士論文 25 Using Aspects to Design a Secure system, by Ge et al. (2021) A Methodology for Secure Software Design, by Ferna 180。ndez (2021) ADAPTed UML: A Pragmatic Approach to Conceptual Modeling of OLAP Security, by Priebe and Pernul (2021) A UML Extension for Secure Multidimensional Conceptual Modeling, by Ferna 180。ndezMedina et al. (2021) We have chosen these eleven methodologies because the majority of them try to solve the problem of security (mainly con?dentiality) from the earliest stages of the ISs development, emphasize security modeling aspects and use modeling languages that make it the easier security design process. MOMT: Multilevel Object Modeling Technique Marks et al. (1996) de?ne MOMT (Multilevel Object Modeling Technique) as a methodology to develop secure databases by extending OMT in order to be able to design multilevel databases providing the elements with a security level and establishing interaction rules among the elements of the model. Although MOMT is mainly posed of three stages, authors only describe the essential points of its analysis stage. These stages are described below. Analysis stage: it allows us to analyse the requirements to detect potential system vulnerabilities. This stage consists of three models whose aim is to collect system information from several perspectives: multilevel object model (to represent static features), multilevel dynamic model (to represent dynamic features) and multilevel functional model (to represent system transformation features). System design stage: it allows us to design multilevel databases. To do so, it de?nes, at a high level, systems structure and multilevel databases. Object design stage: it allows us to design the modules of the automated system in a more detailed way. Business processdriven framework for security engineering Vivas et al. (2021) propose a business processdriven system development method where technology decisions are guided by the business security requirements at the business model level is motivated by the fact that applications like emerce transactions are conceptually similar to traditional nonautomated business transactions. Notions such as nonrepudiation,con?dentiality, integrity, access control and authentication have played a role in business transactions long before the appearance of automated systems. This framework is based on the UML and integrates security requirements into a business process model of the system. The UML is extended in order to express security notions. With the aim of facilitating its adoption by system developers,the framework intends to integrate security requirements into standard system development methodologies which, currently, are often UML based and use cases and the corresponding scenarios are used as the basic tools to build threat models and elicit security requirements. The latter are originally stated at the high level of abstraction within a functional representation of the system, thus yielding a securityenriched speci?cation. Thereafter, a machine readable XMIrepresentation of the system is produced and security requirements are integrated into the functional description by means of 清華大學(xué) 本科學(xué)士論文 26 the patternbased analysis and design process yielding a new speci?cation of the system which the security requirements have been integrated into. The resulting representation is translated into a