A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria

  • We propose and apply a requirements engineering approach that focuses on security and privacy properties and takes into account various stakeholder interests. The proposed methodology facilitates the integration of security and privacy by design into the requirements engineering process. Thus, specific, detailed security and privacy requirements can be implemented from the very beginning of a software project. The method is applied to an exemplary application scenario in the logistics industry. The approach includes the application of threat and risk rating methodologies, a technique to derive technical requirements from legal texts, as well as a matching process to avoid duplication and accumulate all essential requirements.

Author: Sandra Zinsmaier, Hanno Langweg, Marcel Waldvogel
Parent Title (English): ICISSP 2020, Proceedings of the 6th International Conference on Information Systems Security and Privacy, February 25-27, 2020, Valletta, Malta
Document Type: Conference Proceeding
Year of Publication: 2020
Release Date: 2021/01/08
Tag: Common Criteria; GDPR; Privacy by Design; Requirements Engineering; Security by Design
Issue: Vol. 1
First Page: 473
Last Page: 480
Institutes: Fakultät Informatik
Relevance: Peer reviewed according to other listings (with evidence of the peer review process)
Open Access?: No
Licence (German): Creative Commons - CC BY-NC-ND - Attribution - NonCommercial - NoDerivatives 4.0 International