Title: Integrating privacy requirements considerations into a security requirements engineering method and tool

Authors: Nancy R. Mead; Seiya Miyazaki; Justin Zhan

Addresses: SEI, Carnegie Mellon University, 4500 Fifth Avenue, Pittsburgh, PA 15213, USA. ' Corporate R&D Division, Panasonic Corporation, 1006 Kadoma, Kadoma City, Osaka 571-8501, Japan. ' Department of Computer Science, North Carolina A&T State University, 1601 East Market Street, Greensboro, NC 27410, USA

Abstract: In this paper we examine a method for identifying privacy requirements within the context of a security requirements engineering method. We briefly describe the security quality requirements engineering (SQUARE) methodology. Next we discuss our definition of privacy and the associated privacy concerns. We discuss the challenges of privacy requirements engineering and the need for incorporating privacy considerations into security requirements engineering approaches. We describe a novel modification to the SQUARE method and tool to incorporate privacy considerations, and identify future work that will lead to a more integrated method for security and privacy requirements engineering.

Keywords: software security engineering; privacy requirements; security requirements engineering; security quality requirements.

DOI: 10.1504/IJIPSI.2011.043733

International Journal of Information Privacy, Security and Integrity, 2011 Vol.1 No.1, pp.106 - 126

Available online: 11 Nov 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article