1. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns
- Author
- Luca Compagna, Nicola Zannone, Alžbeta Krausová, Paul El Khoury, Fabio Massacci, Mathematics and Computer Science, Security, SAP Research (SAP Research), Base de Données (BD), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Université Lumière - Lyon 2 (UL2), Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven), and University of Trento [Trento]
- Subjects
- Information privacy, Cloud computing security, Privacy by Design, Privacy software, Computer science, 020207 software engineering, 02 engineering and technology, Computer security, Security engineering, Security service, Artificial Intelligence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, [INFO]Computer Science [cs], Law, Personally identifiable information
- Abstract
- Laws set requirements that force organizations to assess the security and privacy of their IT systems and require them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, the question of why and when such solutions have to be adopted often goes unanswered, because the answer comes only from a broader perspective that accounts for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure, and derive from them the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider.
- Published
- 2009