Extracting security requirements from relevant laws and regulations
ISSN: 2151-1349
Type
Peer reviewed
Abstract
For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for attaining compliance. But analysing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts differ from the concepts used in requirements engineering. This paper contributes to that direction. In particular, it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally, a case study is used to demonstrate the applicability of the proposed approach.