Assessing regulatory change through legal requirements coverage modeling

Gordon, David G.; Breaux, Travis D.

doi:10.1109/re.2013.6636714

Cited by 12 publications

(3 citation statements)

References 19 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Society: this category encompasses social, political and economic values and issues, the implications of which are frequently emergent. Some implications may be implemented in law where legal-oriented requirements have been extensively researched [55]. Society values also impinge on individual choice via social media and cultural influences.…”

Section: Methods/techniques For Socio-political Rementioning

confidence: 99%

The Implications of ‘Soft’ Requirements

Sutcliffe

Sawyer

Bencomo

2022

2022 IEEE 30th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

A new focus for RE is investigated as 'soft' requirements which extends non-functional requirements / soft goals with a collection of people-oriented phenomena: values, motivations, emotions, and other socio-political issues that may influence the requirements specification. The convergence of RE with user experience (HCI) and technology acceptance from the information systems literature is reviewed from a temporal perspective: pre-use, through initial to longer-term use. A taxonomy of soft requirements is proposed that extends non-functional requirements and soft-goal concepts to direct attention towards user characteristics and beliefs that may have implications for functional as well as system support requirements, such as training, help, explanation and trust in software. A timeline model of soft and hard (functional) requirements is presented with a focus on customization, adaptation and other soft requirements to, improve product acceptance and persuade users to take appropriate action. The paper concludes with a research agenda for soft requirements to improve the probability of system acceptance and the effectiveness of applications that aim to influence people's decisions and behaviour in internet apps and other discretionary-use applications.

show abstract

Section: Methods/techniques For Socio-political Rementioning

confidence: 99%

The Implications of ‘Soft’ Requirements

Sutcliffe

Sawyer

Bencomo

2022

2022 IEEE 30th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

show abstract

“…Even when such obstacles could be remedied, it should be emphasized that small software development enterprises seldom have the resources to collaborate with lawyers during requirements elicitation-let alone in the whole development process during which stakeholders should be involved in agile software development. Further problems are caused by the fact that like all requirements, also requirements elicited from legal regulations change over time [19]. Stakeholders and users may also have non-regulatory security, privacy, and data protection requirements of their own [20].…”

Section: Background and Related Workmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) in the European Union is the most famous recently enacted privacy regulation. Despite of the regulation's legal, political, and technological ramifications, relatively little research has been carried out for better understanding the GDPR's practical implications for requirements engineering and software architectures. Building on a grounded theory approach with close ties to the Finnish software industry, this paper contributes to the sealing of this gap in previous research. Three questions are asked and answered in the context of software development organizations. First, the paper elaborates nine practical constraints under which many small and medium-sized enterprises (SMEs) often operate when implementing solutions that address the new regulatory demands. Second, the paper elicits nine regulatory requirements from the GDPR for software architectures. Third, the paper presents an implementation for a software architecture that complies both with the requirements elicited and the constraints elaborated.

show abstract

“…Among the tools that are currently being developed, of note are (a) a visualization tool for the different layers of regulations and how they map to controls, (b) a verification tool to support the coverage model presented by Gordon and Breaux [10], which may be used to determine regulatory coverage for IT organizations.…”

Section: E Towards Tools To Guide Control Mapping In Organizationsmentioning

confidence: 99%

Mapping legal requirements to IT controls

Breaux

Gordon

Papanikolaou³

et al. 2013

2013 6th International Workshop on Requirements Engineering and Law (RELAW)

Self Cite

View full text Add to dashboard Cite

Information technology (IT) controls are reusable system requirements that IT managers, administrators and developers use to demonstrate compliance with international standards, such as ISO 27000 standard. As controls are reusable, they tend to cover best practice independently from what specific government laws may require. However, because considerable effort has already been invested by IT companies in linking controls to their existing systems, aligning controls with regulations can yield important savings by avoiding noncompliance or unnecessary redesign. We report the results of a case study to align legal requirements from the U.S. and India that govern healthcare systems with three popular control catalogues: the NIST 800-53, ISO/IEC 27002:2009 and the Cloud Security Alliance CCM v1.3. The contributions include a repeatable protocol for mapping controls, heuristics to explain the types of mappings that may arise, and guidance for addressing incomplete mappings. IndexTerms-requirements engineering, privacy requirements, healthcare requirements, HIPAA, NIST 800-53, ISO 27002, CCM.

show abstract

Assessing regulatory change through legal requirements coverage modeling

Cited by 12 publications

References 19 publications

The Implications of ‘Soft’ Requirements

The Implications of ‘Soft’ Requirements

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Mapping legal requirements to IT controls

Contact Info

Product

Resources

About