Abstract
Enriching software requirements with key security and privacy features requires professionals to have knowledge of requirements elicitation techniques based on systematic processes and methods. We propose the Software Requirements Analysis Method for Improvement of Privacy and Security (SRAM-PS), which is based on concepts and techniques from Organizational Semiotics and on the analysis of information security and data privacy standards. SRAM-PS is a 7-step systematic approach in which an input set of software requirements is analyzed, processed, and then enriched with new security and privacy requirements. A case study with 4 experts was carried out, in which SRAM-PS was used in a real-world scenario: a bank sends a financial transaction receipt containing the customer’s personal data over the Internet. SRAM-PS is aimed at researchers and engineers who analyze and specify software requirements and need to systematize their methods and techniques.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mendes, L.M., de Franco Rosa, F., Bonacin, R. (2021). Enriching Financial Software Requirements Concerning Privacy and Security Aspects: A Semiotics Based Approach. In: Latifi, S. (eds) ITNG 2021 18th International Conference on Information Technology-New Generations. Advances in Intelligent Systems and Computing, vol 1346. Springer, Cham. https://doi.org/10.1007/978-3-030-70416-2_11
DOI: https://doi.org/10.1007/978-3-030-70416-2_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-70415-5
Online ISBN: 978-3-030-70416-2
eBook Packages: Engineering, Engineering (R0)