A Personal Data Audit Method through Requirements Engineering

Authors:
Miguel A. Martínez;Joaquín Lasheras;Eduardo Fernández-Medina;Ambrosio Toval;Mario Piattini
Affiliations:
Software Engineering Research Group, Computer and Systems Department, University of Murcia, Campus de Espinardo, 30071, Murcia, Spain;Software Engineering Research Group, Computer and Systems Department, University of Murcia, Campus de Espinardo, 30071, Murcia, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Paseo de la Universidad, 4-13071, Ciud ...;Software Engineering Research Group, Computer and Systems Department, University of Murcia, Campus de Espinardo, 30071, Murcia, Spain;ALARCOS Research Group, Information Systems and Technologies Department, UCLM-Soluziona Research and Development Institute, University of Castilla-La Mancha, Paseo de la Universidad, 4-13071, Ciud ...
Venue:
Computer Standards & Interfaces
Year:
2010

Citing 18
Cited 0

Privacy, information technology, and health care

Communications of the ACM
Mastering the requirements process

Mastering the requirements process
Investigating information systems with action research

Communications of the AIS
Software Requirements

Software Requirements
EDP Auditing: Conceptual Foundations and Practice

EDP Auditing: Conceptual Foundations and Practice
Requirements Engineering: Processes and Techniques

Requirements Engineering: Processes and Techniques
On Modelling Access Policies: Relating Roles to their Organisational Context

RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Privacy constraint processing in a privacy-enhanced database management system

Data & Knowledge Engineering
Integrating Security and Software Engineering: Advances and Future Visions

Integrating Security and Software Engineering: Advances and Future Visions
Standards for secure data sharing across organizations

Computer Standards & Interfaces
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
Security Requirement Engineering at a Telecom Provider

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Addressing privacy requirements in system design: the PriS method

Requirements Engineering
Grand Challenges in Information Security: Process and Output

IEEE Security and Privacy
Software testing and preventive quality assurance for metrology

Computer Standards & Interfaces
Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Computer Standards & Interfaces
When security meets software engineering: a case of modelling secure information systems

Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Organizations using personal data in areas such as in Health Information Systems have, in recent years, shown an increasing interest in the correct protection of these data. It is not only important to define security measures for these sensitive data, but also to define strategies to audit their fulfilment. Although standardisation organisations have defined recommendations and standards related to security and audit controls, no methodological frameworks proposing the audit of these sensitive data have been described. This paper presents a methodology with which to audit personal data protection, using Requirements Engineering and based on CobiT. This methodology has been validated in four real case studies.