A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Alkubaisy, Duaa; Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Cox, Karl; Mouratidis, Haralambos

doi:10.1007/978-3-030-96648-5_4

Cited by 4 publications

(3 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Models [32,33] do link risks to security objectives and requirements, but they use this relationship to indicate that security requirements reduce risk and that the significance of the risk is determined by the security criterion. Models [36][37][38] associate threats with security requirements. This indicates a breach, but misses the link between security requirements and controls, and also lacks the concept of vulnerabilities in the model.…”

Section: Formation Of the Concept Of Determining The Level Of Securitymentioning

confidence: 99%

Development of the concept for determining the level of critical business processes security

Yevseiev

Milov

Zviertseva

et al. 2023

EEJET

View full text Add to dashboard Cite

The development of technologies and computing resources not only expanded the spectrum of digital services in all areas of human activity, but also defined the spectrum of targeted cyber attacks. The object of the study is the process of ensuring the safety of critical business processes that ensure the continuity of production and/or functioning of the company/organization/enterprise as a whole. Targeted attacks are aimed at destroying not only the business structure, but also its individual components that determine critical business processes. Continuity of such business processes is a critical component of any company, organization or enterprise of any form of government, which critically affects the earning of profits or the organization of production processes. The proposed concept of determining the security level of critical business processes is based on the need to use multi-loop information protection systems. This allows to ensure the continuity of critical business processes through a timely objective assessment of the level of security and the timely formation of preventive measures. This approach is based on the proposed rules for determining the achievement of a given level of security, which are based on assessments of the integrity, availability and confidentiality of information arrays, as well as computer equipment in relation to various points of the organization's business processes. The use of threat integration on the internal and external contours of the protection system allows to ensure the necessary level of security and continuity of the production/technological process of critical business processes. The proposed practical implementation of the system security level assessment system in the declarative programming language Prolog, which allows to form requirements regarding the achievement of a given system security level depending on the state assessments of individual system components

show abstract

Section: Formation Of the Concept Of Determining The Level Of Securitymentioning

confidence: 99%

Development of the concept for determining the level of critical business processes security

Yevseiev

Milov

Zviertseva

et al. 2023

EEJET

View full text Add to dashboard Cite

show abstract

“…Essas duas legislações impõem que o desenvolvimento de produtos e soluções de software considerem a privacidade de dados pessoais desde a concepção e incorpore esta prática durante toda a vida do software: Princípios de Privacy by Design e Privacy by Default [11]. Esta obrigação legal impacta diretamente no processo de desenvolvimento de software, que precisa se atentar à privacidade e proteção de dados pessoais Fica permitido ao(s) autor(es) ou a terceiros a reprodução ou distribuição, em parte ou no todo, do material extraído dessa obra, de forma verbatim, adaptada ou remixada, bem como a criação ou produção a partir do conteúdo dessa obra, para fins não comerciais, desde que sejam atribuídos os devidos créditos à criação original, sob os termos da licença CC BY-NC 4.0. durante todo desenvolvimento software, trazendo um novo desafio para a Engenharia de Software [12] [13].…”

Section: Introductionunclassified

Ensino da Adequação à LGPD no Desenvolvimento de Software através da Aprendizagem Ativa e Centrada no Discente

Saraiva,

Araújo,

Soares

2024

Anais Do IV Simpósio Brasileiro De Educação Em Computação (EDUCOMP 2024)

View full text Add to dashboard Cite

As abordagens de ensino-aprendizagem nos cursos de Engenharia de Software precisam aproximar a teoria da prática e assim, metodologias ativas e centradas no discente vêm sendo propostas e avaliadas. Ademais, demandas legislativas impõem, multidisciplinarmente, teorias, métodos e técnicas que abordem o desenvolvimento de software seguro, conforme prevê a LGPD que exige que o desenvolvimento de produtos e soluções de software considerem a privacidade de dados pessoais desde a concepção e incorpore esta prática durante toda a vida do software: Princípios de Privacy by Design e Privacy by Default. Este trabalho realizou um experimento com 142 discentes de graduação que produziram 947 artefatos ágeis – Estórias de Usuário e Cenários BDD - a partir do Inventário de Dados LGPD. Foi possível concluir que a Aprendizagem Significativa, o Pensamento Computacional e a Aprendizagem baseada em Problemas demonstraram-se apropriadas no ensino de requisitos legais para a Engenharia de Software.

show abstract

“…Practices and solutions currently in use have had difficulty closing this gap. Ad-hoc and fragmented approaches have become commonplace in many organizations, leading to ambiguous and inconsistent software development and endangering data protection and privacy compliance [5,6]. Moreover, according to Sobolewski et al, the GDPR is considered a step towards a more user-centric approach [7].…”

Section: Introductionmentioning

confidence: 99%

Bridging the Gap Between GPDR and Software Development: The MATERIALIST Framework

Saltarella,

Desolda,

Esposito

et al. 2024

Preprint

View full text Add to dashboard Cite

As software production evolves, privacy is becoming an increasingly important consideration. This is especially true as national and supranational regulations, such as GDPR, require privacy as a mandatory aspect of software development. However, challenges such as a lack of knowledge about privacy and data protection regulations hinder the adoption of effective and compliant privacy implementation mechanisms. To address this issue, this article presents MATERIALIST, a methodological and technological framework that supports stakeholders involved in a software development lifecycle in including GDPR in their activities. Specifically, it provides design patterns that can be selected starting from GDPR articles, code vulnerabilities, and software lifecycle phases. The framework aims to facilitate the adoption of appropriate privacy implementation mechanisms in the software development lifecycle, thereby improving software quality.

show abstract

A Framework for Privacy and Security Requirements Analysis and Conflict Resolution for Supporting GDPR Compliance Through Privacy-by-Design

Cited by 4 publications

References 33 publications

Development of the concept for determining the level of critical business processes security

Development of the concept for determining the level of critical business processes security

Ensino da Adequação à LGPD no Desenvolvimento de Software através da Aprendizagem Ativa e Centrada no Discente

Bridging the Gap Between GPDR and Software Development: The MATERIALIST Framework

Contact Info

Product

Resources

About