Title: Integrating privacy requirements considerations into a security requirements engineering method and tool
Authors: Nancy R. Mead; Seiya Miyazaki; Justin Zhan
Addresses: SEI, Carnegie Mellon University, 4500 Fifth Avenue, Pittsburgh, PA 15213, USA. ' Corporate R&D Division, Panasonic Corporation, 1006 Kadoma, Kadoma City, Osaka 571-8501, Japan. ' Department of Computer Science, North Carolina A&T State University, 1601 East Market Street, Greensboro, NC 27410, USA
Abstract: In this paper we examine a method for identifying privacy requirements within the context of a security requirements engineering method. We briefly describe the security quality requirements engineering (SQUARE) methodology. Next we discuss our definition of privacy and the associated privacy concerns. We discuss the challenges of privacy requirements engineering and the need for incorporating privacy considerations into security requirements engineering approaches. We describe a novel modification to the SQUARE method and tool to incorporate privacy considerations, and identify future work that will lead to a more integrated method for security and privacy requirements engineering.
Keywords: software security engineering; privacy requirements; security requirements engineering; security quality requirements.
International Journal of Information Privacy, Security and Integrity, 2011 Vol.1 No.1, pp.106 - 126
Available online: 11 Nov 2011 *Full-text access for editors Access for subscribers Purchase this article Comment on this article