A Compliance-Driven Framework for Privacy and Security in Highly Regulated Socio-Technical Environments

Author(s):  
Ayda Saidane ◽  
Saleh Al-Sharieh

Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of a secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through the simulation traces analysis. The authors use as a running example an E-CITY system providing municipality services to local communities.


Author(s):  
Richard V. McCarthy

Enterprise architecture has had a resurgence of interest in the IT community in the past ten years, in part because of a mandate for federal agencies of the United States government and in part because of the complexity of managing today’s information systems environments. It has become a critical component of an overall IT governance program to provide structure and documentation to describe the business processes, information flows, technical infrastructure and organizational management of an information technology organization. Many different enterprise architecture frameworks have emerged over the past ten years. Two of the most widely used enterprise architecture frameworks (the Zachman Framework and the Federal enterprise architecture framework) are described and their ability to meet the security and privacy needs of an organization is discussed. These frameworks represent a contrast of industry and government perspectives in addressing issues of key importance to senior IT leadership.


Cyber Crime ◽  
2013 ◽  
pp. 363-374
Author(s):  
Richard V. McCarthy

Enterprise architecture has had a resurgence of interest in the IT community in the past ten years, in part because of a mandate for federal agencies of the United States government and in part because of the complexity of managing today’s information systems environments. It has become a critical component of an overall IT governance program to provide structure and documentation to describe the business processes, information flows, technical infrastructure and organizational management of an information technology organization. Many different enterprise architecture frameworks have emerged over the past ten years. Two of the most widely used enterprise architecture frameworks (the Zachman Framework and the Federal enterprise architecture framework) are described and their ability to meet the security and privacy needs of an organization is discussed. These frameworks represent a contrast of industry and government perspectives in addressing issues of key importance to senior IT leadership.


Author(s):  
NICOLA ZANNONE

Security Requirements Engineering is emerging, spurred by the realization that security must be dealt with from the early phases of the system development process. Modeling languages in this field are challenging as they must provide concepts appropriate in order to talk about security within an organization. In previous work we introduced the SI* modeling language tailored to capture security aspects of socio-technical systems. SI* is founded on four main notions, namely supervision, permission, delegation, and trust. In this paper, we present the SI* metamodel. We also present some frameworks and methodologies founded on this modeling language for the analysis of security and dependability requirements as well as the exploration of design alternatives and the generation of skeletons of secure business processes. The paper also presents a development environment that uses the SI* metamodel as its basis core.


Author(s):  
Richard V. McCarthy ◽  
Martin Grossman

Enterprise Architecture is a relatively new concept that has been adopted by large organizations for legal, economic, and strategic reasons. It has become a critical component of an overall IT governance program to provide structure and documentation to describe the business processes, information flows, technical infrastructure, and organizational management of an information technology organization. Many different enterprise architecture frameworks have emerged over the past 10 years. Two of the most widely used enterprise architecture frameworks (the Zachman Framework and the Federal Enterprise Architecture Framework) are described and their ability to meet the security and privacy needs of an organization is discussed.


Author(s):  
Arfan Sansprayada ◽  
Kartika Mariskhana

Abstract—The need for information system development in a company is a basic requirement that must be met by each company in order to run its business processes properly. This is the basic key in a company in order to provide maximum results to find as much profit as possible. Application development or requirements in the application also provide speed for employees to carry out their activities to work properly and optimally. The development of the era requires that companies must be productive and have innovations so that the business wheel of the company can run well. This is based on the development of technology that is so fast that it requires special expertise in its application. This research is expected to be able to help some problems that exist in a company. Where its application can make it easier for employees to carry out their respective duties and roles in order to maximize their potential. For companies, the application of this application can accommodate the company's business wheels so that they can be properly and correctly documented.

Keywords: Systems, Information, Applications


10.29007/jlq6 ◽  
2019 ◽  
Author(s):  
Thabang Mofokeng

The technology devices introduced in recent years are not only vulnerable to Internet risks but are also unable to elevate the growth of B2C e-commerce. These concerns are particularly relevant today, as the world transitions into the Fourth Industrial Revolution. To date, existing research has largely focused on obstacles to customer loyalty. Studies have tested e-commerce models guided by the establishment of trusting, satisfied and loyal consumers in various international contexts. In South Africa, however, as an emerging market, there has been limited research on the success factors of online shopping. This study examines the influence of security and privacy on trust, seen as a moderator of customer satisfaction, which in turn, has an effect on loyalty towards websites. Based on an exhaustive review of literature, a conceptual model is proposed on the relationships between security and privacy on the one hand, and customer trust, satisfaction and loyalty on the other. A total of 250 structured, self-administered questionnaires was distributed to a purposively selected sample of respondents using face-to-face surveys in Johannesburg, South Africa. A multivariate data analysis technique was used to draw inferences from the data. With an 80.1% response rate, the findings showed that privacy and security do influence customer trust; security strongly influences customer trust and weakly influences satisfaction. In South Africa, customer loyalty towards websites is strongly determined by satisfaction and weakly determined by trust. Trust significantly moderates the effect of customer satisfaction on loyalty. The study implications and limitations are presented and future research directions are suggested.


2021 ◽  
Vol 20 (2) ◽  
pp. 1-24
Author(s):  
Stef Verreydt ◽  
Koen Yskout ◽  
Wouter Joosen

Electronic consent (e-consent) has the potential to solve many paper-based consent approaches. Existing approaches, however, face challenges regarding privacy and security. This literature review aims to provide an overview of privacy and security challenges and requirements proposed by papers discussing e-consent implementations, as well as the manner in which state-of-the-art solutions address them. We conducted a systematic literature search using ACM Digital Library, IEEE Xplore, and PubMed Central. We included papers providing comprehensive discussions of one or more technical aspects of e-consent systems. Thirty-one papers met our inclusion criteria. Two distinct topics were identified, the first being discussions of e-consent representations and the second being implementations of e-consent in data sharing systems. The main challenge for e-consent representations is gathering the requirements for a “valid” consent. For the implementation papers, many provided some requirements but none provided a comprehensive overview. Blockchain is identified as a solution to transparency and trust issues in traditional client-server systems, but several challenges hinder it from being applied in practice. E-consent has the potential to grant data subjects control over their data. However, there is no agreed-upon set of security and privacy requirements that must be addressed by an e-consent platform. Therefore, security- and privacy-by-design techniques should be an essential part of the development lifecycle for such a platform.


i-com ◽  
2019 ◽  
Vol 18 (3) ◽  
pp. 197-216 ◽  
Author(s):  
Verena Zimmermann ◽  
Paul Gerber ◽  
Karola Marky ◽  
Leon Böck ◽  
Florian Kirchbuchner

Abstract: Smart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.


2019 ◽  
Vol 4 (1) ◽  
pp. 142-148
Author(s):  
Dealin Mahaputri Leonika

Abstract-- PT Toyonaga Indonesia is a manufacturing company engaged in the automotive field. Given the importance of purchasing activities as the main support of the production process and of company revenue, a computerized system that integrates one part with another is very necessary. PT Toyonaga Indonesia has no system that can integrate between parts to facilitate internal control of the company. This study uses a qualitative research method with a descriptive approach, developing the system design using the structured System Development Life Cycle, because SDLC is a recognized method used in much system development, its steps are structured and practical, its tools use diagrams that are easy to understand, and its stages are related to each other. The results show that the system has been running well in PT Toyonaga Indonesia, but the system has not run effectively and efficiently, so it is designed with an application system called Entrepreneurial Purchasing System to facilitate the company's business processes, especially in the field of credit purchases.

Keywords-- System Information Accounting In Purchase Credit

Abstract--PT Toyonaga Indonesia is a manufacturing company in the automotive sector. Because purchasing activities are so important as the main support of the production process and of the company's profit, a computerized system that integrates one department with another is very much needed. PT Toyonaga Indonesia does not yet have a system that can integrate its departments to facilitate the company's internal control. This research uses a qualitative method with a descriptive approach, developing the system design with the structured System Development Life Cycle, because SDLC is a recognized method used in many system development efforts, its stages are structured and practical, its tools use diagrams that are easier to understand, and its stages are related to one another. The results show that the system running at PT Toyonaga Indonesia already works well, but it does not yet run effectively and efficiently, so an application system named Purchasing Entris System was designed to facilitate the company's business processes, especially in the area of credit purchases.

Keywords--Accounting Information System for Credit Purchases

