Organizations using personal data in areas such as Health Information Systems have, in recent years, shown an increasing interest in the correct protection of these data. It is not only important to define security measures for these sensitive data, but also to define strategies to audit their fulfilment. Although standardisation organisations have defined recommendations and standards related to security and audit controls, no methodological frameworks proposing the audit of these sensitive data have been described. This paper presents a methodology with which to audit personal data protection, using Requirements Engineering and based on CobiT. This methodology has been validated in four real case studies.