Designing Secure and Privacy-Aware Information Systems

2017, Vol 8 (2), pp. 1-25
Author(s): Christos Kalloniatis, Argyri Pattakou, Evangelia Kavakli, Stefanos Gritzalis

Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is, therefore, to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of users' data. Data security refers to the protection of users' data from corruption and unauthorized access. Another important aspect of trust is the protection of users' privacy. Protecting privacy is about complying with users' desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well-known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.


Author(s): Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Among the main criteria that formulate users' trust is the way that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users who daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the amount of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extent information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim at eliciting and modeling privacy requirements during system design are presented and critically analyzed. The work concludes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.


2015, pp. 1631-1659
Author(s): Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Among the main criteria that formulate users' trust is the way that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users who daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the amount of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extent information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim at eliciting and modeling privacy requirements during system design are presented and critically analyzed. The work concludes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.


Author(s): Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Trusting software depends on various elements, one of which is the protection of user privacy. Protecting privacy is about complying with users’ desires when it comes to handling personal information. Users’ privacy can also be defined as the right to determine when, how and to what extent information about them is communicated to others. Current research stresses the need for addressing privacy issues during the system design rather than during the system implementation phase. The aim of this chapter is to elevate the modern practices for ensuring privacy during the software systems’ design phase. Through the presentation of the modern methods, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim at eliciting and analyzing privacy requirements during system design are presented and analyzed. Finally, a comparative analysis between these methods is presented.


2014, Vol 2 (1), pp. 14-40
Author(s): Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Among the main criteria that formulate users' trust is the way that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users who daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the amount of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extent information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim at eliciting and modeling privacy requirements during system design are presented and critically analyzed. The work concludes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.

