Title :
Extracting security requirements from relevant laws and regulations
Author :
Jorshari, Fatemeh Zarrabi ; Mouratidis, Haralambos ; Islam, Shareeful
Author_Institution :
Sch. of Archit., Comput. & Eng., Univ. of East London, London, UK
Abstract :
For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for attaining compliance issues. But analyzing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts are different compared to the concepts used in requirements engineering. This paper contributes to that direction. In particular it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally a case study is used to demonstrate the applicability of the proposed approach.
Keywords :
law; security of data; systems analysis; compliance issues; legal texts; requirements engineering; security requirements; sensitive information; software system requirements; Analytical models; Context; Law; Object recognition; Security; Smart cards; Duty dependency; Hohfeld; Right dependency; Secure Tropos
Conference_Title :
Research Challenges in Information Science (RCIS), 2012 Sixth International Conference on
Conference_Location :
Valencia
Print_ISBN :
978-1-4577-1936-3
Electronic_ISBN :
2151-1349
DOI :
10.1109/RCIS.2012.6240443