Holistic and Law Compatible IT Security Evaluation-Reference-Cited by-同舟云学术

Holistic and Law Compatible IT Security Evaluation

Published:2015 Issue: Volume: Page:927-946
ISSN:
Container-title:Transportation Systems and Engineering
language:
Short-container-title:

Author:

Simić-Draws Daniela¹,Neumann Stephan²,Kahlert Anna³,Richter Philipp³,Grimm Rüdiger¹,Volkamer Melanie²,Roßnagel Alexander³

Affiliation:

1. Universität Koblenz-Landau, Germany

2. Technische Universität Darmstadt, Germany

3. Universität Kassel, Germany

Abstract

Common Criteria and ISO 27001/IT-Grundschutz are well acknowledged evaluation standards for the security of IT systems and the organisation they are embedded in. These standards take a technical point of view. In legally sensitive areas, such as processing of personal information or online voting, compliance with the legal specifications is of high importance, however, for the users' trust in an IT system and thus for the success of this system. This article shows how standards for the evaluation of IT security may be integrated with the KORA approach for law compatible technology design to the benefit of both – increasing confidence IT systems and their conformity with the law on one hand and a concrete possibility for legal requirements to be integrated into technology design from the start. The soundness of this interdisciplinary work will be presented in an exemplary application to online voting.

Publisher

IGI Global

Reference27 articles.

1. Beckers, K., Faßbender, S., Küster, J.-C., & Schmidt, H. (2012a). A pattern-based method for identifying and analyzing laws. In B. Regnell & D. Damian (Eds.), Proceedings of the International Working Conference on Requirements Engineering: Foundation for Software Quality 2012: Volume 7195 Lecture Notes in Computer Science (pp. 256-262). Wiesbaden, Germany: Springer.

2. Beckers, K., Faßbender, S., & Schmidt, H. (2012b). An integrated method for pattern-based elicitation of legal requirements applied to a cloud computing example. In Proceedings of the Seventh International Conference on Availability, Reliability and Security (ARES 2012) (pp. 463-472). IEEE Computer Society.

3. Bräunlich. K., Richter. P., Grimm, R., & Roßnagel, A. (2011). Verbindung von CC-Schutzprofilen mit der Methode rechtlicher IT-Gestaltung KORA – Anwendungsbeispiel: Wahlgeheimnis. Datenschutz und Datensicherheit, 129-135.

4. Breaux, T., & Antón, A. (2005a). Analyzing goal semantics for rights, permission, and obligations. In Proceedings of the 13th IEEE International Conference on Requirements Engineering (RE `05). (pp. 177-186). IEEE Computer Society.

5. Breaux, T., & Antón, A. (2005b). Deriving semantic models from privacy policies. In POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (pp. 67-76). IEEE Computer Society.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Conceptual View on the Design and Properties of Explainable AI Systems for Legal Settings;AI Approaches to the Complexity of Legal Systems XI-XII;2021