Abstract
Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider. © 2008 Springer Science+Business Media B.V.
Original language | English |
---|---|
Pages (from-to) | 1-30 |
Journal | Artificial Intelligence and Law |
Volume | 17 |
Issue number | 1 |
DOIs | |
Publication status | Published - Mar 2009 |
Externally published | Yes |