Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Computer Standards and Interfaces

Volumn 27, Issue 5, 2005, Pages 445-455

  Massacci, Fabio ^a   Prest, Marco ^a   Zannone, Nicola ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

Information security management system; Security requirements engineering; Standard for privacy protection

Indexed keywords

DATA PRIVACY; LAWS AND LEGISLATION; REGULATORY COMPLIANCE; REQUIREMENTS ENGINEERING; STANDARDS; TECHNICAL PRESENTATIONS;

INFORMATION SECURITY MANAGEMENT SYSTEMS; SECURITY REQUIREMENTS ENGINEERING; STANDARD FOR PRIVACY PROTECTION; UNIVERSITY OF TRENTO;

SECURITY OF DATA;

EID: 17744386721     PISSN: 09205489     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.csi.2005.01.003     Document Type: Article

References (14)

1. A.I. Antòn, and J.B. Earp A requirements taxonomy for reducing web site privacy vulnerabilities Requir. Eng. 9 3 2004 169 185
2. L. Liu, E.S.K. Yu, and J. Mylopoulos Security and privacy requirements analysis within a social setting Proc. of RE'03 2003 151 161
3. P. Giorgini, F. Massacci, J. Mylopoulous, and N. Zannone Requirements engineering meets trust management: model, methodology, and reasoning Proc. of iTrust-04, LNCS 2995 2004 176 190
4. G. Sindre, and A.L. Opdahl Eliciting security requirements by misuse cases Proc. of TOOLS Pacific 2000 2000 120 131
5. A. van Lamsweerde, S. Brohez, R. De Landt-sheer, and D. Janssens From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering Proc. of RHAS'03 2003 49 56
6. J. Jürjens Secure systems development with UML 2004 Springer-Verlag
7. ISO/IEC Information technology-code of practice for information security management ISO/IEC 17799 2000
8. M.Y. Becker, and P. Sewell Cassandra: flexible trust management, applied to electronic health records Proc. of CSFW'04 2004 139 154
9. A.R.-W. Fung, K.-J. Farn, and A.C. Lin Paper: a study on the certification of the information security management systems Comput. Stand. Interfaces 25 5 2003 447 461
10. P. Giorgini, F. Massacci, J. Mylopoulous, and N. Zannone Filling the gap between requirements engineering and public key/trust management infrastructures Proc. of EuroPKI'04, LNCS 3093 2004 98 111
11. F. Massacci, M. Prest, N. Zannone, Using a Security Requirements Engineering Methodology in Practice: The compliance with the Italian Data Protection Legislation, Technical Report DIT-04-103, Univ. di Trento 2004. Available on the web at http://eprints.biblio.unitn.it.
12. P. Williams Information security governance Inf. Secur. Tech. Rep. 6 3 2001 60 70
13. P. Bresciani, P. Giorgini, F. Giunchiglia, J. Mylopoulos, and A. Perini TROPOS: an agent-oriented software development methodology JAAMAS 8 3 2004 203 236
14. M. Backes, B. Pfitzmann, and M. Schunter A toolkit for managing enterprise privacy policies Proc. of ESORICS'03, LNCS 2808 2003 162 180