Privacy requirements elicitation: a systematic literature review and perception analysis of IT practitioners

Canedo, Edna Dias; Calazans, Angélica Toffano Seidel; Bandeira, Ian Nery; Cançado, Emille Catarine Rodrigues; Bonifácio, Rodrigo

doi:10.1007/s00766-022-00382-8

Cited by 9 publications

(4 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…are the security goals. Security requirements are sometimes added after system design (Canedo et al, 2022). This overfitting of security requirements in the current architecture of the system results in security vulnerabilities (Zareen et al, 2020).…”

Section: Introductionmentioning

confidence: 99%

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Janisar,

Shafee,

Sarlan

et al. 2024

IJARBSS

View full text Add to dashboard Cite

Security awareness is crucial at every stage of the software development life cycle. Studies emphasize the importance of addressing security requirements (SR) early in the requirement engineering phase to effectively mitigate security issues. However, the software development team (SDT) currently lacks sufficient awareness regarding the security requirements assurance (SRA) for mitigating security issues in secure software development. The objective of this study is to assess the (SDT) security knowledge in early software development. A survey was distributed, questions were based on (SR) within the context of security requirement engineering (SRE). A total of 58 responded to the survey. The results indicate that the (SDT) demonstrates a satisfactory level of knowledge regarding security (KOS), security requirements elicitation and analysis (SREA), and approaches within the domain of SRE. However, the results pertaining to security requirement assurance (SRA) were found unsatisfactory. Descriptive statistics were employed to analyse the mean scores of KOS=3.79, SRE=3.61, SREA=3.67, and SRA=2.71. SRE presented the strong Pearson correlation with SREA=.596**. Also, regression coefficient produces positive outcome with (SRA) and (SREA). Though, software development teams need to collaborate with the researcher to enhance the awareness about security requirement assurance during the secure development process.

show abstract

Section: Introductionmentioning

confidence: 99%

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Janisar,

Shafee,

Sarlan

et al. 2024

IJARBSS

View full text Add to dashboard Cite

show abstract

“…Therefore, it is crucial to implement measures that secure this sensitive data. Failure to consider privacy in system design can have severe consequences, including loss of trust, reputational damage, and legal penalties [2]. Therefore, organizations must take necessary measures to ensure that privacy is protected and duly considered in the design and development of systems that collect and process personal data [2].…”

Section: Introductionmentioning

confidence: 99%

“…Failure to consider privacy in system design can have severe consequences, including loss of trust, reputational damage, and legal penalties [2]. Therefore, organizations must take necessary measures to ensure that privacy is protected and duly considered in the design and development of systems that collect and process personal data [2]. To address this challenge, privacy engi-neering has emerged as a research framework that aims to provide methods, tools, and frameworks for incorporating privacy into organizational and technical measures [3].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature Review

Herwanto,

Ekaputra,

Quirchmayr

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Privacy requirements engineering is a crucial aspect of privacy engineering. It aims to integrate privacy principles into organizational and technical processes throughout the software development lifecycle. This specialized field involves various strategies, including compliance with regulatory frameworks, asset analysis, and system diagram development for threat modeling. The wide range of approaches, while beneficial in providing different perspectives, presents a significant challenge to the novice privacy engineer or developer in identifying the most effective methodologies. The lack of a single methodology highlights the need for a systematic literature review (SLR) to establish a standardized process for privacy requirements engineering that promotes consistency across different methodologies. To address this issue, we conducted a comprehensive SLR to synthesize existing privacy requirements engineering methodologies. Our analysis involved dissecting each method's processes, tasks, techniques, work products, and resources. Our review examined 40 privacy requirements engineering methodologies detailed in 50 papers, from which we extracted five key processes commonly followed in privacy requirements engineering research. We used this as the foundation for a holistic approach to facilitate the adoption of a comprehensive privacy requirements engineering process. The review also identifies ongoing challenges and suggests future directions in this field.INDEX TERMS privacy requirements engineering, privacy design engineering, privacy engineering, privacy by design

show abstract

Review on Privacy and Trust Methodologies in Cloud Computing

Simou,

Mavroeidi,

Kalloniatis

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Privacy requirements elicitation: a systematic literature review and perception analysis of IT practitioners

Cited by 9 publications

References 36 publications

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Securing Software Development: A Holistic Exploration of Security Awareness in Software Development Teams

Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature Review

Review on Privacy and Trust Methodologies in Cloud Computing

Contact Info

Product

Resources

About