Interview Questions for Business Analysts and Systems Analysts

Recent Interview Questions | Search | Subscribe (RSS)


What is a Mis-Use Case?

Posted by Chris Adams

Article Rating // 37812 Views // 1 Additional Answers & Comments

Categories: Business Analysis, Systems Analysis, Use Cases, Requirements Analysis (BABOK KA)


A Mis-use Case, which is derived from Use Case, is a requirements and process modeling term used to describe the steps and scenarios which a user performs in order to accomplish a malicious act against a system or business process.  They are still use cases in the sense that they define the steps that a user performs to achieve a goal, even if the goal isn’t a positive one or a desired one from the perspective of the business process or system designers.

Because a mis-use case is a type of use case, all of the information that you might already know about use cases apply.

Creating mis-use cases places an early emphasis on security features that business processes and systems should consider.  Often, the creation of mis-use cases will lead to the creation of new use cases as countermeasures to the malicious act.

Consider the case where an analyst is designing the registration experience for a mobile application.  For convenience, the analyst may not want to require the new user to have to check their email and click a verification link to prove the email belongs to them before accessing the application.  However, there is an important mis-use case to document and consider and that is the case where another user attempts to register using an email address that belongs to someone else. We might call this use case actor the “Stalker Ex-Girlfriend/Boyfriend”

There may be many options for designing around this problem.  The point is that by documenting this mis-use case, the analyst is placing the necessary emphasis on security considerations.  Undoubtedly, a number of additional use case scenarios will likely be uncovered to handle countermeasures to this behavior.

Chris Adams
LinkedIn Profile



Ellen Gottesdiener posted on Wednesday, December 14, 2011 12:46 PM
thanks for this summary of misuse cases, an idea invented by Ian Alexander. yes Ian invented the term intends them for users/actors who try to misuse the system, and thus their can help derive quality attributes such as security and safety requirements.

[ (for a detailed paper, i'd recommend reading Ian's article here: ) or Ian's 2003 paper in IEEE, "Misuse Cases: Use Cases with Hostile Intent (google searching it will pick up the pdf) ]

i'm not sure i'd characterize misuse cases as a business process modeling term (more often, at least the originator's intent, it is for user requirements).

These are not to be confused with misuses of use cases in general ;-) for some ideas on that topic, see (two part article):

all the best,
~ ellen
Ellen Gottesdiener
Only registered users may post comments.

Do your homework prior to the business analysis interview!

Having an idea of the type of questions you might be asked during a business analyst interview will not only give you confidence but it will also help you to formulate your thoughts and to be better prepared to answer the interview questions you might get during the interview for a business analyst position.  Of course, just memorizing a list of business analyst interview questions will not make you a great business analyst but it might just help you get that next job.



Select ModernAnalyst Content

Register | Login

Copyright 2006-2024 by Modern Analyst Media LLC