Abstract
Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of a secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through the simulation traces analysis. The authors use as a running example an E-CITY system providing municipality services to local communities.
| Original language | English |
|---|---|
| Title of host publication | Research Anthology on Privatizing and Securing Data |
| Publisher | IGI Global |
| Pages | 933-962 |
| Number of pages | 30 |
| ISBN (Electronic) | 9781799889557 |
| ISBN (Print) | 9781799889540 |
| DOIs | |
| Publication status | Published - Jan 1 2021 |
| Externally published | Yes |
ASJC Scopus subject areas
- Computer Science(all)