How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns |
| |
Authors: | Luca Compagna Paul El Khoury Alžběta Krausová Fabio Massacci Nicola Zannone |
| |
Affiliation: | (1) SAP Research, Nice, France;(2) University of Lyon I, LIRIS CNRS UMR 5205, Lyon, France;(3) ICRI – K.U. Leuven – IBBT, Leuven, Belgium;(4) University of Trento, Trento, Italy;(5) University of Toronto, Toronto, ON, Canada |
| |
Abstract: | Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider. |
| |
Keywords: | Security and privacy patterns Legal requirements Organization Pattern validation Healthcare |
本文献已被 SpringerLink 等数据库收录! |
|