Learn More
This paper discusses the lack of clarity of 40 online privacy statements from nine financial institutions that are covered by the Gramm-Leach-Bliley Act (GLBA), which states that policies must be " clear and conspicuous. " The study is novel in that it uses two complimentary approaches to analyze the clarity of policies: goal-driven requirements engineering(More)
As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limited use to(More)
In this short paper, we summarize an industrial project in which we developed and applied the Attribute Hierarchy-based Evaluation of Architectural Designs (AHEAD) method for selecting a software technology to form the basis for the next-generation architecture of a complex commercial software application. AHEAD leverages the Software Engineering(More)
Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) are security requirements that define how access is managed and the high-level rules of who, under what conditions, can access what information. Traditionally, access control policies are often specified after a system is designed(More)
Global problems such as disease detection and control, terrorism, immigration and border control, illicit drug trafficking, etc. require information sharing, coordination and collaboration among government agencies within a country and across national boundaries. This paper presents a prototype of a transnational information system which aims at achieving(More)
  • 1