A Compliance-Driven Framework for Privacy and Security in Highly Regulated Socio-Technical Environments
Author: | Saleh Al-Sharieh, Ayda Saidane |
---|---|
Year of publication: | 2019 |
Subject: | Sociotechnical system; Public economics; E-Government; 010201 computation theory & mathematics; Computer science; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; 0102 computer and information sciences; 02 engineering and technology; 01 natural sciences; Compliance (psychology) |
DOI: | 10.4018/978-1-5225-5984-9.ch002 |
Description: | Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through analysis of the simulation traces. The authors use as a running example an E-CITY system providing municipality services to local communities. |
Database: | OpenAIRE |