Precluding incongruous behavior by aligning software requirements with security and privacy policies

Precluding incongruous behavior by aligning software requirements with security and privacy policies

Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requiremen...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Information and software technology 2003-11, Vol.45 (14), p.967-977
Hauptverfasser: Antón, Annie I, Earp, Julia B, Carter, Ryan A
Format: Artikel
Sprache:eng
Schlagworte:
Computer security
Confidentiality
Networks
Privacy
Privacy policy
Requirements alignment
Security policy
Software
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.
ISSN:0950-5849
1873-6025
DOI:10.1016/S0950-5849(03)00095-8