Towards a framework to elicit and manage security and privacy requirements from laws and regulations

Shareeful Islam; Haralambos Mouratidis; Stefan Wagner

doi:10.1007/978-3-642-14192-8_23

Towards a framework to elicit and manage security and privacy requirements from laws and regulations

Shareeful Islam, Haralambos Mouratidis, Stefan Wagner

Informatics Heilbronn 3 - Chair of Software Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

34 Scopus citations

Abstract

[Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are mostly different to those used in the legal domain and there is a lack of appropriate modelling languages and techniques to support such activities. [Principal ideas/results] The legislation need to be analysed and align with the system requirements. [Contribution] This paper motivates the need to introduce a framework to assist the elicitation and management of security and privacy requirements from relevant legislation and it briefly presents the foundations of such a framework along with an example.

Original language	English
Title of host publication	Requirements Engineering
Subtitle of host publication	Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings
Pages	255-261
Number of pages	7
DOIs	https://doi.org/10.1007/978-3-642-14192-8_23
State	Published - 2010
Event	16th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2010 - Essen, Germany Duration: 30 Jun 2010 → 2 Jul 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6182 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2010
Country/Territory	Germany
City	Essen
Period	30/06/10 → 2/07/10

Keywords

evolving legislation
modelling
privacy requirements
Secure Tropos
Security requirements

Access to Document

10.1007/978-3-642-14192-8_23

Cite this

Islam, S., Mouratidis, H., & Wagner, S. (2010). Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In Requirements Engineering: Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings (pp. 255-261). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6182 LNCS). https://doi.org/10.1007/978-3-642-14192-8_23

Islam, Shareeful ; Mouratidis, Haralambos ; Wagner, Stefan. / Towards a framework to elicit and manage security and privacy requirements from laws and regulations. Requirements Engineering: Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings. 2010. pp. 255-261 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{917eb72a7def409e8091a36eb90b09a7,

title = "Towards a framework to elicit and manage security and privacy requirements from laws and regulations",

abstract = "[Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are mostly different to those used in the legal domain and there is a lack of appropriate modelling languages and techniques to support such activities. [Principal ideas/results] The legislation need to be analysed and align with the system requirements. [Contribution] This paper motivates the need to introduce a framework to assist the elicitation and management of security and privacy requirements from relevant legislation and it briefly presents the foundations of such a framework along with an example.",

keywords = "evolving legislation, modelling, privacy requirements, Secure Tropos, Security requirements",

author = "Shareeful Islam and Haralambos Mouratidis and Stefan Wagner",

year = "2010",

doi = "10.1007/978-3-642-14192-8_23",

language = "English",

isbn = "3642141919",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "255--261",

booktitle = "Requirements Engineering",

note = "16th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2010 ; Conference date: 30-06-2010 Through 02-07-2010",

}

Islam, S, Mouratidis, H & Wagner, S 2010, Towards a framework to elicit and manage security and privacy requirements from laws and regulations. in Requirements Engineering: Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6182 LNCS, pp. 255-261, 16th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2010, Essen, Germany, 30/06/10. https://doi.org/10.1007/978-3-642-14192-8_23

Towards a framework to elicit and manage security and privacy requirements from laws and regulations. / Islam, Shareeful; Mouratidis, Haralambos; Wagner, Stefan.
Requirements Engineering: Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings. 2010. p. 255-261 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6182 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards a framework to elicit and manage security and privacy requirements from laws and regulations

AU - Islam, Shareeful

AU - Mouratidis, Haralambos

AU - Wagner, Stefan

PY - 2010

Y1 - 2010

N2 - [Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are mostly different to those used in the legal domain and there is a lack of appropriate modelling languages and techniques to support such activities. [Principal ideas/results] The legislation need to be analysed and align with the system requirements. [Contribution] This paper motivates the need to introduce a framework to assist the elicitation and management of security and privacy requirements from relevant legislation and it briefly presents the foundations of such a framework along with an example.

AB - [Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are mostly different to those used in the legal domain and there is a lack of appropriate modelling languages and techniques to support such activities. [Principal ideas/results] The legislation need to be analysed and align with the system requirements. [Contribution] This paper motivates the need to introduce a framework to assist the elicitation and management of security and privacy requirements from relevant legislation and it briefly presents the foundations of such a framework along with an example.

KW - evolving legislation

KW - modelling

KW - privacy requirements

KW - Secure Tropos

KW - Security requirements

UR - http://www.scopus.com/inward/record.url?scp=77955462130&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-14192-8_23

DO - 10.1007/978-3-642-14192-8_23

M3 - Conference contribution

AN - SCOPUS:77955462130

SN - 3642141919

SN - 9783642141911

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 255

EP - 261

BT - Requirements Engineering

T2 - 16th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2010

Y2 - 30 June 2010 through 2 July 2010

ER -

Islam S, Mouratidis H, Wagner S. Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In Requirements Engineering: Foundation for Software Quality - 16th International Working Conference, REFSQ 2010, Proceedings. 2010. p. 255-261. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-14192-8_23

Towards a framework to elicit and manage security and privacy requirements from laws and regulations

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this