Evaluating existing security and privacy requirements for legal compliance.

Saved in:
Bibliographic Details
Title: Evaluating existing security and privacy requirements for legal compliance.
Authors: Massey, Aaron K.1 akmassey@ncsu.edu, Otto, Paul N.1,2 paul.otto@law.duke.edu, Hayward, Lauren J.1 ljhaywar@ncsu.edu, Antón, Annie I.1 aianton@ncsu.edu
Source: Requirements Engineering. Mar2010, Vol. 15 Issue 1, p119-137. 19p. 4 Diagrams, 6 Charts.
Subjects: Computer security laws, Computer engineers, Medical records, Right of privacy, Electronic records
Abstract: Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature. In this paper, we discuss our evaluation of the requirements for iTrust, an open-source Electronic Health Records system, for compliance with legal requirements governing security and privacy in the healthcare domain. We begin with an overview of the method we developed, using existing requirements engineering techniques, and then summarize our experiences in applying our method to the iTrust system. We illustrate some of the challenges that practitioners face when specifying requirements for a system that must comply with law and close with a discussion of needed future research focusing on security and privacy requirements. [ABSTRACT FROM AUTHOR]
Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 48147954
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Evaluating existing security and privacy requirements for legal compliance.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Massey%2C+Aaron+K%2E%22">Massey, Aaron K.</searchLink><relatesTo>1</relatesTo><i> akmassey@ncsu.edu</i><br /><searchLink fieldCode="AR" term="%22Otto%2C+Paul+N%2E%22">Otto, Paul N.</searchLink><relatesTo>1,2</relatesTo><i> paul.otto@law.duke.edu</i><br /><searchLink fieldCode="AR" term="%22Hayward%2C+Lauren+J%2E%22">Hayward, Lauren J.</searchLink><relatesTo>1</relatesTo><i> ljhaywar@ncsu.edu</i><br /><searchLink fieldCode="AR" term="%22Antón%2C+Annie+I%2E%22">Antón, Annie I.</searchLink><relatesTo>1</relatesTo><i> aianton@ncsu.edu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Requirements+Engineering%22">Requirements Engineering</searchLink>. Mar2010, Vol. 15 Issue 1, p119-137. 19p. 4 Diagrams, 6 Charts.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+security+laws%22">Computer security laws</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+engineers%22">Computer engineers</searchLink><br /><searchLink fieldCode="DE" term="%22Medical+records%22">Medical records</searchLink><br /><searchLink fieldCode="DE" term="%22Right+of+privacy%22">Right of privacy</searchLink><br /><searchLink fieldCode="DE" term="%22Electronic+records%22">Electronic records</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature. In this paper, we discuss our evaluation of the requirements for iTrust, an open-source Electronic Health Records system, for compliance with legal requirements governing security and privacy in the healthcare domain. We begin with an overview of the method we developed, using existing requirements engineering techniques, and then summarize our experiences in applying our method to the iTrust system. We illustrate some of the challenges that practitioners face when specifying requirements for a system that must comply with law and close with a discussion of needed future research focusing on security and privacy requirements. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=48147954
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s00766-009-0089-5
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 19
        StartPage: 119
    Subjects:
      – SubjectFull: Computer security laws
        Type: general
      – SubjectFull: Computer engineers
        Type: general
      – SubjectFull: Medical records
        Type: general
      – SubjectFull: Right of privacy
        Type: general
      – SubjectFull: Electronic records
        Type: general
    Titles:
      – TitleFull: Evaluating existing security and privacy requirements for legal compliance.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Massey, Aaron K.
      – PersonEntity:
          Name:
            NameFull: Otto, Paul N.
      – PersonEntity:
          Name:
            NameFull: Hayward, Lauren J.
      – PersonEntity:
          Name:
            NameFull: Antón, Annie I.
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 03
              Text: Mar2010
              Type: published
              Y: 2010
          Identifiers:
            – Type: issn-print
              Value: 09473602
          Numbering:
            – Type: volume
              Value: 15
            – Type: issue
              Value: 1
          Titles:
            – TitleFull: Requirements Engineering
              Type: main
ResultId 1