Integrating privacy requirements into security requirements engineering

Proceedings of the 21st International Conference on Software Engineering and Knowledge Engineering, SEKE 2009

Volumn , Issue , 2009, Pages 542-547

  Abu Nimeh, Saeed ^a   Miyazaki, Seiya ^b   Mead, Nancy R ^c  

^a Websense Security Labs   (United States)

^b PANASONIC CORPORATION   (Japan)

^c CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MODIFIED MODEL; PRIVACY ISSUE; PRIVACY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SECURITY RISK ASSESSMENTS; SOFTWARE SECURITY;

INTEGRATION; KNOWLEDGE ENGINEERING; REQUIREMENTS ENGINEERING; RISK ASSESSMENT; SOFTWARE ENGINEERING;

ENGINEERING;

EID: 77950516100     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (17)

1. N. R. Mead, E. Hough, and T. Stehney, "Security quality requirements engineering (SQUARE) methodology," Software Engineering Institute, Carnegie Mellon University, CMU/SEI-2005-TR-009, 2005, http://www.sei.cmu.edu/ publications/documents/05.reports/05tr009.html.
2. A. Chiasera, F. Casati, F. Daniel, and Y. Velegrakis, "Engineering privacy requirements in business intelligence applications," in SDM '08: Proceedings of the 5th VLDB workshop on Secure Data Management. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 219-228.
3. S. L. Pfleeger and C. P. Pfleeger, "Harmonizing privacy with security principles and practices," IBM Journal for research and development, accepted.
4. A. Adams and M. A. Sasse, "Privacy in multimedia communications: Protecting users, not just data," in Proceedings of IMH HCI'01. Springer, 2001, pp. 49-64.
5. D. Mellado, E. Fernández-Medina, and M. Piattini, "A common criteria based security requirements engineering process for the development of secure information systems," Comput. Stand. Interfaces, vol. 29, no. 2, pp. 244-253, 2007.
6. M. Madsen, "EHR privacy risk assessment using qualitative methods," in HIC 2008 Conference: Australia's Health Informatics Conference, 2008.
7. J. C. Dennis, "Leading the HIPAA privacy risk assessment," in AHIMA Convention Proceedings, 2001.
8. S. Miyazaki, N. Mead, and J. Zhan, "Computer-aided privacy requirements elicitation technique," Asia-Pacific Conference on Services Computing., vol. 0, pp. 367-372, 2008.
9. B. K. Markert, "Comparison of three online privacy seal programs," SANS Institute, Tech. Rep., 2002.
10. OECD and Microsoft Corp., "OECD privacy statement generator," 2000. [Online]. Available: http://www2.oecd.org/pwv3/
11. J. H. Allen, S. Barnum, R. J. Ellison, G. McGraw, and N. R. Mead, Software Security Engineering: A Guide for Project Managers. Addison-Wesley, 2008.
12. T. Mitrano, D. R. Kirby, and L. Maltz, "What does privacy have to do with it? privacy risk assessment," in Security Professionals Conference, 2005, presentation.
13. National Institute of Standards and Technology, "Risk management guide for information technology systems," 2002. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
14. Y. Y. Haimes, Risk Modeling, Assessment, and Management, 2nd ed. Wiley-Interscience, 2004.
15. Statistics Canada, "Privacy impact assessment," 2008. [Online]. Available: http://www.statcan.gc.ca/about-apercu/pia-efrvp/gloss-eng.htm
16. Internal Revenuse Service, "Model information technology privacy impact assessment," 1996. [Online]. Available: http://www.cio.gov/ Documents/pia-for-it-irs-model.pdf
17. R. R. Heckle and S. H. Holden, "Analytical tools for privacy risks: Assessing efficacy on vote verification technologies," in Symposium On Usable Privacy and Security, 2006, poster.