Information and Software Technology
Basis for an integrated security ontology according to a systematic review of existing proposals
Computer Standards & Interfaces
Security and trust requirements engineering
Foundations of Security Analysis and Design III
A pattern-based method for identifying and analyzing laws
REFSQ'12 Proceedings of the 18th international conference on Requirements Engineering: foundation for software quality
Misuse of information technologies has increased the vulnerability of personal data, which has led to growing concern about issues of personal privacy among political leaders, IT managers, information security consultants and the millions of people currently online. Many countries have developed, or are preparing, laws and regulations to combat the related threats and to guarantee Personal Data Protection. Despite efforts to construct secure systems, few papers have, as yet, focused on security from the very outset of the system development life-cycle. This paper presents a pragmatic proposal to incorporate the legal and regulatory measures to guarantee Personal Data Protection as a part of the requirements engineering process, instead of an addendum to system deployment. The authors investigate how recent efforts in the Requirements Engineering field can contribute to improving security issues in Information Systems, in particular those dealing with Personal Data. A reusable collection of security requirements and, as a novelty, Personal Data Protection requirements (including information on links to related software components) are provided. The pre-defined requirements, together with a simple process model based on requirements reuse, provide a strategy that organizations can use to become privacy-compliant.