Extracting security requirements from relevant laws and regulations

F. Jorshari, H. Mouratidis, Shareeful Islam
{"title":"Extracting security requirements from relevant laws and regulations","authors":"F. Jorshari, H. Mouratidis, Shareeful Islam","doi":"10.1109/RCIS.2012.6240443","DOIUrl":null,"url":null,"abstract":"For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for attaining compliance issues. But analyzing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts are different compared to the concepts used in requirements engineering. This paper contributes to that direction. In particular it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally a case study is used to demonstrate the applicability of the proposed approach.","PeriodicalId":130476,"journal":{"name":"2012 Sixth International Conference on Research Challenges in Information Science (RCIS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Sixth International Conference on Research Challenges in Information Science (RCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RCIS.2012.6240443","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10

Abstract

For software systems that process and manage sensitive information, compliance with laws has become not an option but a necessity. Analysing relevant laws and aligning them with the system requirements is necessary for attaining compliance issues. But analyzing laws within the context of software system requirements is a difficult task, mainly because the concepts used in legal texts are different compared to the concepts used in requirements engineering. This paper contributes to that direction. In particular it presents a process to model and analyse laws and regulations and to support the elicitation of security requirements based on the relevant legal and system context. Finally a case study is used to demonstrate the applicability of the proposed approach.
从相关法律法规中提取安全需求
对于处理和管理敏感信息的软件系统来说,遵守法律已不再是一种选择,而是一种必要。分析相关法律,并使其与系统需求保持一致,这对于实现遵从性问题是必要的。但是在软件系统需求的上下文中分析法律是一项困难的任务,主要是因为法律文本中使用的概念与需求工程中使用的概念不同。本文对这一方向作出了贡献。特别是,它提出了一个过程来模拟和分析法律和法规,并支持基于相关法律和制度背景的安全要求的引出。最后,通过一个案例研究证明了所提方法的适用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信