Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering

Abstract

Security risk assessment identifies the threats to systems, while privacy risk assessment identifies data sensitivities in systems. The Security Quality Requirements Engineering (SQUARE) method is used to identify software security issues in the early stages of the development lifecycle. We propose combining the existing security risk assessment techniques in SQUARE with the Privacy Impact Assessment (PIA) technique and the Health Insurance Portability and Accountability Act (HIPAA) to address the full spectrum of security and privacy risks. Our ultimate goal is to introduce a privacy requirements engineering method that uses steps of SQUARE for privacy instead of or in addition to security.

Cite this paper

@inproceedings{AbuNimeh2010CombiningPA, title={Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering}, author={Saeed Abu-Nimeh and Nancy R. Mead}, booktitle={AAAI Spring Symposium: Intelligent Information Privacy Management}, year={2010} }