Enriching Financial Software Requirements Concerning Privacy and Security Aspects: A Semiotics Based Approach

  • Conference paper
  • First Online:
ITNG 2021 18th International Conference on Information Technology-New Generations

Abstract

Enriching software requirements with key security and privacy features requires professionals to know requirements elicitation techniques that are based on systematic processes and methods. We propose the Software Requirements Analysis Method for Improvement of Privacy and Security (SRAM-PS), which builds on concepts and techniques from Organizational Semiotics and on an analysis of information security and data privacy standards. SRAM-PS is a seven-step systematic approach in which an input set of software requirements is analyzed, processed, and then enriched with new security and privacy requirements. A case study with four experts applied SRAM-PS to a real-world scenario: a bank sends a financial transaction receipt containing the customer's personal data over the Internet. SRAM-PS is aimed at researchers and engineers who analyze and specify software requirements and need to systematize their methods and techniques.
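The case-study scenario above (a bank sends a transaction receipt with personal data over the Internet) is the kind of input whose requirements an enrichment step would extend with, for example, data minimisation and receipt integrity. The following is an added illustration, not code from the paper and not an implementation of the SRAM-PS steps: it places a naive receipt beside a hardened one that keeps only the fields the receipt needs, masks the account identifier, and attaches an HMAC so the recipient can detect tampering. The field names, sample values and the key are constructed for this example.

```python
"""Added example (not from the paper): naive vs. hardened transaction receipt."""
import hashlib
import hmac
import json

# Constructed shared secret; in practice this comes from a key store, never source code.
KEY = b"constructed-example-key-do-not-reuse"

# Constructed sample: everything a naive receipt might carry, including data the
# receipt does not need (full account number, national id document, home address).
NAIVE_RECEIPT = {
    "transaction_id": "TX-000042",
    "timestamp": "2021-03-01T10:15:00Z",
    "amount": "150.00",
    "currency": "BRL",
    "account_number": "0001234567",
    "customer_name": "A. Customer",
    "id_document": "000.000.000-00",
    "home_address": "Example Street, 1",
}

# Data-minimisation requirement: only these fields may leave the bank in a receipt.
REQUIRED_FIELDS = ("transaction_id", "timestamp", "amount", "currency", "account_number")


def mask_identifier(value: str, keep: int = 4) -> str:
    """Replace all but the last `keep` characters with '*'."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def minimise(receipt: dict) -> dict:
    """Apply data minimisation: drop unneeded fields, mask the account identifier."""
    out = {k: receipt[k] for k in REQUIRED_FIELDS}
    out["account_number"] = mask_identifier(out["account_number"])
    return out


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so sender and receiver MAC identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(payload: dict, key: bytes) -> dict:
    """Integrity/authenticity requirement: HMAC-SHA256 over the canonical receipt."""
    mac = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"receipt": payload, "mac": mac}


def verify(message: dict, key: bytes) -> bool:
    """Recompute the MAC and compare in constant time; False on any tampering."""
    expected = hmac.new(key, canonical(message["receipt"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["mac"])


def harden(receipt: dict, key: bytes) -> dict:
    """Minimised, masked and authenticated receipt ready for transmission."""
    return sign(minimise(receipt), key)


if __name__ == "__main__":
    msg = harden(NAIVE_RECEIPT, KEY)
    print(json.dumps(msg, indent=2))
    print("verifies:", verify(msg, KEY))
    tampered = {"receipt": dict(msg["receipt"], amount="9999.00"), "mac": msg["mac"]}
    print("tampered verifies:", verify(tampered, KEY))
```

The HMAC covers integrity and authenticity between two parties that share the key; it does not give confidentiality, so a separate requirement (transport encryption such as TLS, or encryption of the receipt itself) is still needed for the personal data that remains in the minimised receipt.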




Corresponding author

Correspondence to Rodrigo Bonacin.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Mendes, L.M., de Franco Rosa, F., Bonacin, R. (2021). Enriching Financial Software Requirements Concerning Privacy and Security Aspects: A Semiotics Based Approach. In: Latifi, S. (eds) ITNG 2021 18th International Conference on Information Technology-New Generations. Advances in Intelligent Systems and Computing, vol 1346. Springer, Cham. https://doi.org/10.1007/978-3-030-70416-2_11


  • DOI: https://doi.org/10.1007/978-3-030-70416-2_11


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-70415-5

  • Online ISBN: 978-3-030-70416-2
