Extracting security requirements from relevant laws and regulations

Date

2012-07-16

ISSN

2151-1357
2151-1349

Publisher

IEEE

Type

Conference

Peer reviewed

Yes

Abstract

For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for attaining compliance issues. But analysing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts are different compared to the concepts used in requirements engineering. This paper contributes to that direction. In particular, it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally, a case study is used to demonstrate the applicability of the proposed approach.

Keywords

Hohfeld, Secure Tropos, Compliance

Citation

Jorshari, F.Z., Mouratidis, H. and Islam, S. (2012) Extracting security requirements from relevant laws and regulations. In: Proceedings of the 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), Valencia, Spain, May 2012, IEEE, pp. 1-9.

Research Institute

Cyber Technology Institute (CTI)