Alkubaisy, Duaa and Piras, Luca and Al-Obeidallah, Mohammed Ghazi and Cox, Karl and Mouratidis, Haralambos (2022) A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design. In: Evaluation of Novel Approaches to Software Engineering 16th International Conference, ENASE 2021, 2021-04-26 - 2021-04-27, Virtual event.
Abstract
Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by Alkubaisy et al. – which itself is a continuation of earlier studies and aims to aid the reader in comprehensively grasping the concepts laid out).
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Divisions: | Faculty of Science and Health; Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
| SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
| Depositing User: | Unnamed user with email elements@essex.ac.uk |
| Date Deposited: | 22 Nov 2022 10:47 |
| Last Modified: | 16 May 2024 21:15 |
| URI: | http://repository.essex.ac.uk/id/eprint/33325 |
Available files
Filename: ENASE 2021Duaa-FINAL-March.pdf