From Risk Analysis to the Expression of Security Requirements for Systems Information
- Nabil Laoufi
- 2015 Fourth International Conference on Cyber…
Security risk assessment identifies the threats to systems, while privacy risk assessment identifies data sensitivities in systems. The Security Quality Requirements Engineering (SQUARE) method is used to identify software security issues in the early stages of the development lifecycle. We propose combining the existing security risk assessment techniques in SQUARE with the Privacy Impact Assessment (PIA) technique and the Health Insurance Portability and Accountability Act (HIPAA) to address the full spectrum of security and privacy risks. Our ultimate goal is to introduce a privacy requirements engineering method that uses steps of SQUARE for privacy instead of, or in addition to, security.