Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering
نویسندگان
چکیده
Security risk assessment identifies the threats to systems, while privacy risk assessment identifies data sensitivities in systems. The Security Quality Requirements Engineering (SQUARE) method is used to identify software security issues in the early stages of the development lifecycle. We propose combining the existing security risk assessment techniques in SQAURE with the Privacy Impact Assessment (PIA) technique and the Health Insurance Portability and Accountability Act (HIPAA) to address the full spectrum of security and privacy risks. Our ultimate goal is to introduce a privacy requirements engineering method that uses steps of SQUARE for privacy instead of or in addition to security.
منابع مشابه
Security and Privacy Requirements Engineering
Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessm...
متن کاملA Lightweight Privacy-preserving Authenticated Key Exchange Scheme for Smart Grid Communications
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of s...
متن کاملIntegrating privacy requirements considerations into a security requirements engineering method and tool
In this paper we examine a method for identifying privacy requirements within the context of a security requirements engineering method. We briefly describe the security quality requirements engineering (SQUARE) methodology. Next we discuss our definition of privacy and the associated privacy concerns. We discuss the challenges of privacy requirements engineering and the need for incorporating ...
متن کاملChapter 1 STRATEGIES FOR DEVELOPING POLICIES AND REQUIREMENTS FOR SECURE ELECTRONIC COMMERCE SYSTEMS
While the Internet is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before. A primary fault in evolutionary electronic commerce systems is the failure to adequately address security and privacy issues; therefore, security and privacy policies are either developed as an afterthought to the system or not at all. One reason for thi...
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کامل