A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria

Sandra Domenique Zinsmaier, Hanno Langweg, Marcel Waldvogel

2020

Abstract

We propose and apply a requirements engineering approach that focuses on security and privacy properties and takes into account various stakeholder interests. The proposed methodology facilitates the integration of security and privacy by design into the requirements engineering process. Thus, specific, detailed security and privacy requirements can be implemented from the very beginning of a software project. The method is applied to an exemplary application scenario in the logistics industry. The approach includes the application of threat and risk rating methodologies, a technique to derive technical requirements from legal texts, as well as a matching process to avoid duplication and accumulate all essential requirements.

Paper Citation


in Harvard Style

Zinsmaier S., Langweg H. and Waldvogel M. (2020). A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 473-480. DOI: 10.5220/0008960604730480


in Bibtex Style

@conference{icissp20,
author={Sandra Zinsmaier and Hanno Langweg and Marcel Waldvogel},
title={A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={473-480},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008960604730480},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria
SN - 978-989-758-399-5
AU - Zinsmaier S.
AU - Langweg H.
AU - Waldvogel M.
PY - 2020
SP - 473
EP - 480
DO - 10.5220/0008960604730480