Sciweavers

TSE
2008

Analyzing Regulatory Rules for Privacy and Security Requirements

Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, ...
Travis D. Breaux, Annie I. Antón
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where TSE