Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

Ghanavati, Sepideh; Amyot, Daniel; Peyton, Liam

doi:10.1109/re.2009.42

Cited by 69 publications

(30 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other approaches (e.g., [7]) tackle the evolution problem from a legal perspective. They propose a systematic approach to help organizations align their business processes with (privacy) laws.…”

Section: Discussionmentioning

confidence: 99%

Aligning Service-Oriented Architectures with Security Requirements

Salnitri

Dalpiaz

Giorgini

2012

On the Move to Meaningful Internet Systems: OTM 2012

View full text Add to dashboard Cite

Abstract. Aligning requirements and architectures is a long-standing concern in software engineering. Alignment is crucial in the area of systems evolution, wherein requirements and system architectures keep changing after system deployment. We address a specific alignment problem, i.e., checking the compliance of a service-oriented architecturerepresenting a composite service-with security requirements. Serviceoriented architectures are dynamic (services can be replaced on-the-fly), and assessing compliance with security requirements is key, since noncompliance may lead to sanctions as well as privacy violation. After motivating and describing the problem, we propose algorithms to check two specific security requirements: non-disclosure and non-repudiation. We illustrate the approach using a scenario about e-government.

show abstract

Section: Discussionmentioning

confidence: 99%

Aligning Service-Oriented Architectures with Security Requirements

Salnitri

Dalpiaz

Giorgini

2012

On the Move to Meaningful Internet Systems: OTM 2012

View full text Add to dashboard Cite

show abstract

“…Thus, it is important to enrich goal models with context. Consequently, Raian proposed a goal-oriented requirement engineering modeling and reasoning framework for systems operating under various contexts (Ghanavati et al, 2009). The framework relates context and goals using Tropos.…”

Section: Backward Propagationmentioning

confidence: 99%

Goal Modeling Techniques in Requirements Engineering: A Systematic Literature Review

ElSayed¹,

Ezz²,

Nasr³

2017

Journal of Computer Science

View full text Add to dashboard Cite

Goal modeling techniques plays a crucial role in requirements engineering since they facilitate the reach of requirements to stakeholders in an understandable easy manner and also in a professional well defined pattern to developers. Modeling of goals are encouraged and proposed during requirements elicitation in order to detail, understand and describe problems associated with current organizational structures and behavior. However, a current challenge appears which is how to manage modeling of goals if either these goals were elicited in early or late phases? Eventually if that occurred the rest of the challenge comes in how to model these goals in the presence of uncertainty? This paper presents a systematic literature review of the current goal modeling techniques dealing with both early and late requirements such as: i* framework, tropos, GRL and UML. The results for research in this study show that although there are models for both early and late requirements, most techniques to a great extent are used for modeling early requirements. The findings lead us to identify two future work elicited in the study that might help a lot in modeling goals.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Ghanavati et al [17] use compliance links to trace goals, softgoals, tasks, and actors to the law. They use traceability links to connect portions of a Goal Requirements Language (GRL) business model with a GRL model of the law [17]. They tag each of the links with either a quantitative value or a qualitative category representing the degree to which a business satisfies the compliance requirements [17].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A legal cross-references taxonomy for reasoning about compliance requirements

Maxwell

Antón

Swire³

et al. 2012

Requirements Eng

View full text Add to dashboard Cite

Companies must ensure their software complies with relevant laws and regulations to avoid the risk of costly penalties, lost reputation, and brand damage resulting from non-compliance. Laws and regulations contain internal cross-references to portions of the same legal text, as well as cross-references to external legal texts. These cross-references introduce ambiguities, exceptions, as well as other challenges to regulatory compliance. Requirements engineers need guidance as to how to address crossreferences in order to comply with the requirements of the law. Herein, we analyze each external cross-reference within the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the GrammLeach-Bliley Act (GLBA), and the GLBA Financial Privacy Rule to determine whether a cross-reference either introduces a conflicting requirement, a conflicting definition, or refines an existing requirement. Herein, we propose a legal cross-reference taxonomy to aid requirements engineers in classifying cross-references as they specify compliance requirements. Analyzing cross-references enables us to address conflicting requirements that may otherwise thwart legal compliance. We identify five sets of conflicting compliance requirements and recommend strategies for resolving these conflicts.

show abstract

Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

Cited by 69 publications

References 7 publications

Aligning Service-Oriented Architectures with Security Requirements

Aligning Service-Oriented Architectures with Security Requirements

Goal Modeling Techniques in Requirements Engineering: A Systematic Literature Review

A legal cross-references taxonomy for reasoning about compliance requirements

Contact Info

Product

Resources

About