Title :
Privacy Risk Assessment in Privacy Requirements Engineering
Author :
Abu-Nimeh, Saeed ; Mead, Nancy R.
Author_Institution :
Websense Security Labs., San Diego, CA, USA
Abstract :
In spite of the overlap between privacy requirements engineering and security requirements engineering, each addresses a different set of problems. As a result, security risk assessment techniques used in security requirements engineering may be unsuitable to assess privacy risks. This paper proposes considering security risk assessment along with privacy impact and risk assessment approaches using the Security Quality Requirements Engineering (SQUARE) method. The study focuses on PIA and HIPAA as privacy risk assessment techniques.
Keywords :
data privacy; health care; insurance; security of data; systems analysis; PIA; health insurance portability and accountability act; privacy impact assessment; privacy requirements engineering; privacy risk assessment; security quality requirements engineering method; security risk assessment techniques; Collaboration; Concrete; Data engineering; Data privacy; Data security; Guidelines; Information security; Real time systems; Risk analysis; Risk management;
Conference_Titel :
Requirements Engineering and Law (RELAW), 2009 Second International Workshop on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7696-1
Electronic_ISBN :
978-0-7695-4102-0
DOI :
10.1109/RELAW.2009.10
