Refine
Document Type
- Conference Proceeding (2)
- Article (1)
Language
- English (3)
Has Fulltext
- no (3)
Keywords
- Cloud (1)
- Cloud computing (1)
- Security of data (1)
- Security requirements (1)
- Stakeholder interests (1)
Institute
We present an analysis of how to determine security requirements for software that controls routing decisions in the distribution of discrete physical goods. Requirements are derived from stakeholder interests and threat scenarios. Three deployment scenarios are discussed: cloud and hybrid deployment as well as on-premise installation for legacy sites.
We identify 74 generic, reusable technical requirements based on the GDPR that can be applied to software products which process personal data. The requirements can be traced to corresponding articles and recitals of the GDPR and fulfill the key principles of lawfulness and transparency. Therefore, we present an approach to requirements engineering with regard to developing legally compliant software that satisfies the principles of privacy by design, privacy by default as well as security by design.