TY - CHAP
U1 - Konferenzveröffentlichung
A1 - Zinsmaier, Sandra
A1 - Langweg, Hanno
A1 - Waldvogel, Marcel
T1 - A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria
T2 - ICISSP 2020, Proceedings of the 6th International Conference on Information Systems Security and Privacy, February 25-27, 2020, Valletta, Malta
N2 - We propose and apply a requirements engineering approach that focuses on security and privacy properties and takes into account various stakeholder interests. The proposed methodology facilitates the integration of security and privacy by design into the requirements engineering process. Thus, specific, detailed security and privacy requirements can be implemented from the very beginning of a software project. The method is applied to an exemplary application scenario in the logistics industry. The approach includes the application of threat and risk rating methodologies, a technique to derive technical requirements from legal texts, as well as a matching process to avoid duplication and accumulate all essential requirements.
KW - Common Criteria
KW - GDPR
KW - Privacy by Design
KW - Requirements Engineering
KW - Security by Design
Y1 - 2020
SN - 978-989-758-399-5
SB - 978-989-758-399-5
U6 - https://doi.org/10.5220/0008960604730480
DO - https://doi.org/10.5220/0008960604730480
IS - Vol. 1
SP - 473
EP - 480
PB - SciTePress
ER -