A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design.
Alkubaisy, Duaa; Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Cox, Karl; Mouratidis, Haralambos
Mohammed Ghazi Al-Obeidallah
Leszek A. Maciaszek
Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2021. ConfIs: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design [https://doi.org/10.5220/0010406100800091]).
ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. In Ali, R., Kaindl, H. and Maciaszek, L.A. (eds.). Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]. Communications in computer and information science, 1556. Cham: Springer [online], pages 67-87. Available from: https://doi.org/10.1007/978-3-030-96648-5_4
|Conference Name||16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021)|
|Conference Location||[virtual conference]|
|Start Date||Apr 26, 2021|
|End Date||Apr 27, 2021|
|Acceptance Date||Feb 5, 2021|
|Online Publication Date||Feb 11, 2022|
|Publication Date||Dec 31, 2022|
|Deposit Date||Mar 14, 2022|
|Publicly Available Date||Aug 12, 2022|
|Series Title||Communications in computer and information science|
|Book Title||Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]|
|Keywords||Security requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design|
|Related Public URLs||https://rgu-repository.worktribe.com/output/1254488|
ALKUBAISY 2022 A framework for privacy
You might also like
Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.
Design thinking and acceptance requirements for designing gamified software.