Designing Secure and Privacy-Aware Information Systems

Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore, to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of user's data. Data security is referred as the protection of user's data from corruption and unauthorized access. Another important aspect of trust is the protection of user's privacy. Protecting privacy is about complying with user's desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.

• Publication year

  2017

• Venue

  International Journal of Secure Software Engineering

• Publication date

  2017-04-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.4018/IJSSE.2017040101
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Security Requirements Engineering: A Systematic Mapping (2010-2015)

  2016cited by this paper
• Survey on Data Integrity in Cloud

  2016cited by this paper
• Online The Open University ’ s repository of research publications and other research outputs A framework for security requirements engineering

  2016cited by this paper
• Data and Applications Security and Privacy XXIX

  2015cited by this paper
• Privacy, consumer trust and big data: Privacy by design and the 3 C'S

  2015cited by this paper
• Designing Privacy-Aware Systems in the Cloud

  2015cited by this paper
• Continuous Certification of Non-repudiation in Cloud Storage Services

  2014cited by this paper
• A Method for Eliciting Security Requirements from the Business Process Models

  2014cited by this paper
• A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

  2014cited by this paper
• Problem-Based Security Requirements Elicitation and Refinement with PresSuRE

  2014cited by this paper
• Encryption and Fragmentation for Data Confidentiality in the Cloud

  2013cited by this paper
• Security Issues in Cloud Computing

  2012cited by this paper
• Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications

  2012cited by this paper
• Addressing cloud computing security issues

  2012cited by this paper
• Model Based Process to Support Security and Privacy Requirements Engineering

  2012cited by this paper
• Comparing Privacy Requirements Engineering Approaches

  2012cited by this paper
• Security Issues in Cloud Computing

  2011cited by this paper
• A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements

  2011cited by this paper
• Designing Privacy Aware Information Systems

  2011cited by this paper
• A survey on security issues in service delivery models of cloud computing

  2011cited by this paper
• A comparison of security requirements engineering methods

  2010cited by this paper
• A systematic review of security requirements engineering

  2010cited by this paper
• Pervasive Information Security and Privacy Developments: Trends and Advancements

  2010cited by this paper
• A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management

  2010cited by this paper
• On Non-Functional Requirements in Software Engineering

  2009cited by this paper
• Security Requirements Engineering: A Framework for Representation and Analysis

  2008cited by this paper
• Computer-Aided Privacy Requirements Elicitation Technique

  2008cited by this paper
• Addressing privacy requirements in system design: the PriS method

  2008cited by this paper
• A common criteria based security requirements engineering process for the development of secure information systems

  2007cited by this paper
• Protecting privacy in system design: the electronic voting case

  2007cited by this paper
• Privacy patterns for online interactions

  2006cited by this paper
• Security Patterns: Integrating Security and Systems Engineering

  2006cited by this paper
• Security quality requirements engineering (SQUARE) methodology

  2005cited by this paper
• STRAP: A Structured Analysis Framework for Privacy

  2005cited by this paper
• Privacy risk models for designing privacy-sensitive ubiquitous computing systems

  2004cited by this paper
• Enhancing Web privacy and anonymity in the digital era

  2004cited by this paper
• A framework for the governance of information security

  2004cited by this paper
• An Ontology for Modelling Security: The Tropos Approach

  2003cited by this paper
• Security and privacy requirements analysis within a social setting

  2003cited by this paper
• Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

  2003cited by this paper
• Designing for Privacy in a Multi-agent World

  2002cited by this paper
• Agent-based tactics for goal-oriented requirements elaboration

  2002cited by this paper
• Security Patterns and Security Standards

  2002cited by this paper
• Designing for privacy and other competing requirements

  2002cited by this paper
• Deriving operational software specifications from system goals

  2002cited by this paper
• Analyzing security requirements as relationships among strategic actors

  2002cited by this paper
• A Model for Information Assurance: An Integrated Approach

  2001cited by this paper
• Towards an Agent Oriented Approach to Software Engineering

  2001cited by this paper
• IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms

  2001cited by this paper
• Non-Functional Requirements in Software Engineering

  2000cited by this paper
• Handling Obstacles in Goal-Oriented Requirements Engineering

  2000cited by this paper
• Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems

  2000cited by this paper
• Managing Conflicts in Goal-Driven Requirements Engineering

  1998cited by this paper
• Towards modelling and reasoning support for early-phase requirements engineering

  1997cited by this paper
• Formal refinement patterns for goal-driven requirements elaboration

  1996cited by this paper
• Goal-directed elaboration of requirements for a meeting scheduler: problems and lessons learnt

  1995cited by this paper
• Goal-Directed Requirements Acquisition

  1993cited by this paper
• Design for Privacy in Ubiquitous Computing Environments

  1993cited by this paper
• Modeling organizations for information systems requirements engineering

  1993cited by this paper
• Dealing with Security Requirements During the Development of Information Systems

  1993cited by this paper
• Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz

  1990cited by this paper

• On Ontology of Integration Between Access Control and Business Process Deep Structure

  2020cites this paper
• Collaborative security risk estimation in agile software development

  2019cites this paper