Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Authors:
Fabio Massacci;Marco Prest;Nicola Zannone
Affiliations:
Dip. di Informatica e Telecomunicazioni, University of Trento, Italy;Direzione Amministrativa IT, University of Trento, Italy;Dip. di Informatica e Telecomunicazioni, University of Trento, Italy
Venue:
Computer Standards & Interfaces
Year:
2005

Citing 5
Cited 17

Security and Privacy Requirements Analysis within a Social Setting

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A requirements taxonomy for reducing Web site privacy vulnerabilities

Requirements Engineering
Secure Systems Development with UML

Secure Systems Development with UML

A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Computer-aided Support for Secure Tropos

Automated Software Engineering
Towards security requirements management for software product lines: A security domain requirements engineering process

Computer Standards & Interfaces
Requirements model generation to support requirements elicitation: the Secure Tropos experience

Automated Software Engineering
Enforcing a security pattern in stakeholder goal models

Proceedings of the 4th ACM workshop on Quality of protection
Experimental comparison of attack trees and misuse cases for security threat identification

Information and Software Technology
How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

Artificial Intelligence and Law
A systematic review of security requirements engineering

Computer Standards & Interfaces
A Personal Data Audit Method through Requirements Engineering

Computer Standards & Interfaces
Prioritizing Legal Requirements

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Legal Patterns Implement Trust in IT Requirements: When Legal Means are the "Best" Implementation of IT Technical Goals

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Security requirements engineering framework for software product lines

Information and Software Technology
Designing security requirements models through planning

CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Security and trust requirements engineering

Foundations of Security Analysis and Design III
Modeling social and individual trust in requirements engineering methodologies

iTrust'05 Proceedings of the Third international conference on Trust Management
ST-Tool: a CASE tool for modeling and analyzing trust requirements

iTrust'05 Proceedings of the Third international conference on Trust Management
Applying a security requirements engineering process

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level complexity required by compliance with ISO-17799 security management requirements. In this paper we present a comprehensive case study of the application of the Secure Tropos RE methodology for compliance to the Italian legislation on Privacy and Data Protection by the University of Trento, leading to the definition and analysis of a ISO-17799-like security management scheme.