TY - JOUR
T1 - Using a security requirements engineering methodology in practice
T2 - The compliance with the Italian data protection legislation
AU - Massacci, F.
AU - Prest, M.
AU - Zannone, N.
PY - 2005/6
Y1 - 2005/6
N2 - Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only a few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level of complexity required by compliance with ISO-17799 security management requirements. In this paper we present a comprehensive case study of the application of the Secure Tropos RE methodology for compliance with the Italian legislation on Privacy and Data Protection by the University of Trento, leading to the definition and analysis of an ISO-17799-like security management scheme. © 2005 Elsevier B.V. All rights reserved.
AB - Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only a few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level of complexity required by compliance with ISO-17799 security management requirements. In this paper we present a comprehensive case study of the application of the Secure Tropos RE methodology for compliance with the Italian legislation on Privacy and Data Protection by the University of Trento, leading to the definition and analysis of an ISO-17799-like security management scheme. © 2005 Elsevier B.V. All rights reserved.
U2 - 10.1016/j.csi.2005.01.003
DO - 10.1016/j.csi.2005.01.003
M3 - Article
VL - 27
SP - 445
EP - 455
JO - Computer Standards and Interfaces
JF - Computer Standards and Interfaces
IS - 5
ER -