Assessing frameworks for eliciting privacy & security requirements from laws and regulations
Authors
Abstract
The processing of personal data has become a prominent concern for stakeholders when selecting software or service providers to serve their needs. Different laws and legislation have been introduced to standardize and strengthen protection policies across different countries to protect such data. Therefore, businesses and organizations responsible for managing it are obligated to implement the privacy and security requirements established by these legislation. Methods and tools are provided for eliciting legally compliant requirements based on relevant legislation. However, little has been done in assessing the methodologies for regulations outside the EU and US. This paper aims to assess other information beyond the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), explicitly focusing on the Nigerian regulation. To investigate the applicability of the methodologies, we use extracted with communication protocols verifying compliance procedural practices products services financial technology sector. The analysis reports the completeness, consistency, and utility of the frameworks. Finally, foundational research directions for interoperable standards from legal texts are proposed.
Similar resources
Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations
[Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are ...
A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements
Cloud computing provides a wide range of services to organisations in a flexible and cost efficient manner. Nevertheless, inherent cloud security issues make organisations hesitant towards the migration of their services to cloud. In parallel, the cloud service-oriented nature requires a specific and more demanding description of the business functional requirements intended for migration. Orga...
Eliciting Security Requirements by Misuse Cases
Use case diagrams have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated. However, not all kinds of requirements are equally well supported by use case diagrams. They are good for functional requirements, but poorer at, e.g., security requirements, which often concentrate on what should not happen in the ...
Security and Privacy Requirements Engineering
Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessm...
Incorporating Security Requirements from Legal Regulations into UMLsec model
Compliance with law, industry standards, and corporate governance regulations is one of the driving factors for discovering security requirements. This paper aims to incorporate constraints from regulations through security requirements at an early stage of development. Constraints are extracted using a pattern-based approach from legal texts of information security laws and policies derived f...
Journal
Journal title: Computers & Security
Year: 2022
ISSN: 0167-4048, 1872-6208
DOI: https://doi.org/10.1016/j.cose.2022.102697