Browsing by Author "Zarrabi, Jorshari Fatemeh"
Now showing 1 - 6 of 6
Changes in Conducting Data Protection Risk Assessment: Before and After GDPR implementation (arxiv, 2023-04-24) [Open Access]
Zarrabi, Jorshari Fatemeh; Wagner, Isabel; Boiten, Eerke Albert
Based on Article 35 of the EU (European Union) General Data Protection Regulation, a Data Protection Impact Assessment (DPIA) is necessary whenever there is a possibility of a high privacy and data protection risk to individuals caused by a new project under development. A similar process to DPIA had previously been known as Privacy Impact Assessment (PIA). We investigate here whether GDPR, and DPIA specifically as its privacy risk assessment tool, have resolved the challenges privacy practitioners were previously facing in implementing PIA. To do so, our methodology is based on comparison and thematic analysis of two sets of focus groups we held with privacy professionals, in January 2018 (four months before GDPR came into effect) and then in November 2019 (18 months after GDPR implementation).

Extracting security requirements from relevant laws and regulations (IEEE, 2012-07-16) [Metadata only]
Zarrabi, Jorshari Fatemeh; Mouratidis, H.; Islam, S.
For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for achieving compliance. But analysing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts differ from the concepts used in requirements engineering. This paper contributes in that direction. In particular, it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally, a case study is used to demonstrate the applicability of the proposed approach.

A High-Level Scheme for an Ontology-Based Compliance Framework in Software Development (IEEE, 2019-04-11) [Open Access]
Zarrabi, Jorshari Fatemeh; Tawil, Abdel-Rahman
The software development market is currently witnessing an increasing demand for software applications' conformance with the international regime of GRC (Governance, Risk and Compliance). In this paper, we propose a compliance requirement analysis method for early stages of software development based on a semantically rich model, where a mapping can be established from legal and regulatory requirements relevant to the system context to software system business goals and contexts. The proposed semantic model consists of a number of ontologies, each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development, along with relationships and rules between concepts that comprise the domain knowledge. The main contribution of the work presented in this paper is a case study that demonstrates how description-logic reasoning techniques can be used to simulate the legal reasoning employed by legal professionals against the description of each ontology.

A Meta-model for Legal Compliance and Trustworthiness of Information Systems (Springer, 2012-06-25) [Metadata only]
Zarrabi, Jorshari Fatemeh; Pavlidis, Michalis; Mouratidis, H.; Preston, David; Islam, S.
Information systems manage and hold a huge amount of important and critical information. For this reason, information systems must be trustworthy and should comply with relevant laws and regulations. Legal issues should be incorporated into the system development process, and there should be a systematic and structured assessment of a system's trustworthiness in fulfilling relevant legal obligations. This paper presents a novel meta-model, which combines legal and trust-related concepts, to enable information systems developers to model and reason about the trustworthiness of a system in terms of its law compliance. A case study is used to demonstrate the applicability and benefits of the proposed meta-model.

A Semantic Rule-Based Approach for Software Privacy by Design (Institute of Research and Journals, 2019-05) [Open Access]
Zarrabi, Jorshari Fatemeh; Brimicombe, Allan
The information systems business is currently witnessing an increasing demand for system conformance with the international regime of GRC (Governance, Risk and Compliance). Among different compliance approaches, data protection and privacy laws play a key role. In this paper, we propose a compliance requirement analysis method for the early stages of system modelling based on a semantically rich model, where a mapping can be established from data protection and privacy requirements defined by laws and regulations to system business goals and contexts. The early consideration of requirements satisfies Privacy by Design, a key concept in the General Data Protection Regulation 2012. The proposed semantic model consists of a number of ontologies, each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in compliance related to the system, along with relationships and rules between these concepts that encompass the domain knowledge. The main contribution of the work presented in this paper is the ontology-based compliance framework, which demonstrates how description-logic reasoning techniques can be used to simulate the legal reasoning employed by legal professionals against the description of each ontology.

To Comply Software and IT System Development with Related Laws (2011-01-09) [Open Access]
Zarrabi, Jorshari Fatemeh; Islam, S.; Mouratidis, H.
The growing number of crimes and security breaches against the privacy of individuals' information, and against the information systems that maintain it, has cost huge amounts of financial and other resources. Consequently, governments are taking serious action toward approving protective legislation against cyber crimes, and it will be the duty of software developers to adopt policies and measures to ensure that their designed systems are compatible with existing laws and their amendments. Since information technology and legislation are two quite distinct sciences, a mechanism to perform this adjustment and satisfy the security and legal requirements of a software system under design is essential. This paper presents a framework that will help IT professionals to extract security requirements from relevant rules and use them in the design of a system that is in accordance with those rules. It gives a brief discussion of the framework's methodology and of the design of a computer-aided system simulating this framework. It also reports the research progress and newly discovered conclusions.