Evaluating existing security and privacy requirements for legal compliance

Requirements Engineering

Volumn 15, Issue 1, 2010, Pages 119-137

  Massey, Aaron K ^a   Otto, Paul N ^a,b   Hayward, Lauren J ^a   Antón, Annie I ^a  

^a North Carolina State University   (United States)

^b DUKE UNIVERSITY   (United States)

Author keywords

Legal compliance; Privacy requirements; Refactoring requirements; Security requirements

Indexed keywords

ELECTRONIC HEALTH RECORD; HEALTHCARE DOMAINS; LEGAL COMPLIANCE; LEGAL REQUIREMENTS; OPEN-SOURCE; PRIVACY REQUIREMENTS; REFACTORINGS; REQUIREMENTS ENGINEERING TECHNIQUES; REQUIREMENTS ENGINEERS; SECURITY AND PRIVACY; SECURITY REQUIREMENTS; SYSTEM REQUIREMENTS;

LAWS AND LEGISLATION; RECORDS MANAGEMENT;

REQUIREMENTS ENGINEERING;

EID: 77950519059     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-009-0089-5     Document Type: Article

References (34)

1. Choi YB, Capitan KE, Krause JS, Streeper MM (2006) Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. J Med Syst 30(1):57-64
2. DesRoches CM, Campbell EG, Rao SR, Donelan K, Ferris TG, Jha A, Kaushal R, Levy DE, Rosenbaum S, Shields AE, Blumenthal D (2008) Electronic health records in ambulatory care-a national survey of physicians. N Engl J Med 359(1): 50-60
3. Williams L, Shin Y (2006) WIP: exploring security and privacy concepts through the development and testing of the iTrust medical records system. Front Educ S1F30-31
4. Otto PN, Antón AI (2007) Addressing legal requirements in requirements engineering. In: Proceedings of the 15th IEEE international requirements engineering conference, pp 5-14
5. Earp JB(2001)In:Ghosh AK(ed) Recentadvancesin E-commerce security and privacy. Kluwer, Dordrecht, pp 29-46
6. Breaux TD, Antón AI (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5-20
7. Robinson W (2005) Implementing rule-based monitors within a framework for continuous requirements monitoring. In: Proceedings of the 38th Hawaii international conference on system sciences, pp 188-197
8. Otoya S, Cerpa N (1999) An experience: a small software company attempting to improve its process. In: Proceedings of the software technology and engineering practice, pp 153-160
9. Beaver K, Herold R (2004) The practical guide to HIPAA privacy and security compliance. Auerbach, Philadelphia
10. Garner BA (ed) (2004) Black's law dictionary, 8th edn. Thompson West
11. Breaux TD, Antón AI, Karat C-M, Karat J (2006)Enforceability vs. accountability in electronic policies. In: Proceedings of the seventh IEEE international workshop on policies for distributed systems and networks, pp 227-230
12. Breaux TD, Vail MW, Antón AI (2006) Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: RE'06: Proceedings of the 14th IEEE international requirements engineering conference, pp 49-58
13. Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings of the 2006 IEEE symposium on security and privacy, pp 184-198
14. May MJ, Gunter CA, Lee I (2006) Privacy APIs: access control techniques to analyze and verify legal privacy policies. In: 19th IEEE computer security foundations workshop (CSFW'06), pp 85-97
15. Massacci F, Prest M, Zannone N (2005) Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comput Stand Interfaces 27(5):445-455
16. Carter R, Dagnino A, Dempster J, Siege D (2001) Deriving goals from a use-case based requirements specification. Requirements Eng 6(1):63-73
17. Glinz M (2000) Problems and deficiencies of uml as a requirements specification language. In: Tenth international workshop on software specification and design, pp 11-22
18. Alspaugh TA, Antón AI (2008) Scenario support for effective requirements. Inf Softw Technol 50(3):198-220
19. Ben Achour C, Rolland C, Maiden NAM, Souveyet C (1999) Guiding use case authoring: results of an empirical study. In: Proceedings of the IEEE international symposium on requirements engineering, pp 36-43
20. Berenbach BA (2004) Comparison of uml and text based requirements engineering. In: OOPSLA'04: companion to the 19th annual ACM SIGPLAN conference on object-oriented programming systems, languages, and applications, ACM, pp 247-252
21. Maiden NAM (1998) CREWS-SAVRE: scenarios for acquiring and validating requirements. Autom Softw Eng 5(4):419-446
22. Potts C, Takahashi K, Antón A (1994) Inquiry-based requirements analysis. IEEE Softw 11:21-32
23. Sutcliffe A (2003) Scenario-based requirements engineering. In: Proceedings of the 11th IEEE international requirements engineering conference, pp 320-329
24. Earp JB, Carter RA (2003) Precluding incongruous behavior by aligning software requirements with security and privacy policies. Inf Softw Technol 45(14):967-977
25. Breaux TD (2009) Legal requirements acquisition for the specification of legally compliant information systems. PhD thesis, North Carolina State University
26. Breaux TD, Antón AI (2005) Mining rule semantics to understand legislative compliance. In: WPES'05: proceedings of the 2005 ACM workshop on privacy in the electronic society, pp 51-54
27. Williams L, Xie T, Meneely A, Hayward L (2008a) iTrust medical care requirements specification. http://agile.csc.ncsu.edu/iTrust/wiki/doku.php?id=requirements
28. Williams L, Xie T, Meneely A, Hayward L, Massey A (2008) iTrust medical care requirements specification. http://agile.csc.ncsu.edu/iTrust/wiki/doku.php?id=lauren791e
29. Allenby K, Kelly T (2001) Deriving safety requirements using scenarios. In: Proceedings of the fifth IEEE international symposium on requirements engineering, pp 228-235
30. Antón AI (1996) Goal-based requirements analysis. In: Proceedings of the second international conference on requirements engineering, pp 136-144, 15-18
31. Potts C (1998) The use of goals to surface requirements for evolving systems. In: Proceedings of the 1998 international conference on software engineering, pp 157-166, 19-25
32. van Lamsweerde A. (2001) Goal-oriented requirements engineering: a guided tour. In: Proceedings of the fifth IEEE international symposium on requirements engineering, pp 249-262
33. Weidenhaupt K, Pohl K, Jarke M, Haumer P (1998) Scenarios in system development: current practice. IEEE Softw 15:34-45
34. Whittle J, Schumann J (2000) Generating Statechart designs from scenarios. In: Proceedings of the 2000 international conference on software engineering, pp 314-323