ABSTRACT
Engineering regulatory compliance requirements is valuable during the software development process, as these requirements are necessary to reduce risk, improve security and help systems achieve their business goals. Existing methods for assessing compliance requirements are inadequate because they fail to consider important aspects such as the interdependency between goals, obstacles and agents. Poor goal and risk analysis during the requirements engineering phase often results in incomplete requirements and incorrect estimation of risks. This paper presents a goal-oriented quantitative compliance analysis framework that considers these issues during the requirements analysis phase.
Index Terms
- A risk-aware framework for compliance goal-obstacle analysis