Interpretation of Information Processing Regulations
Sabah Al-Fedaghi
DOI: 10.4236/jsea.2009.22011

Abstract

Laws and policies impose many information handling requirements on business practices. Compliance with such regulations requires identification of conflicting interpretations of regulatory conditions. Current software engineering methods extract software requirements by converting legal text into semiformal constraints and rules. In this paper we complement these methods with a state-based model that includes all possibilities of information flow. We show that such a model provides a foundation for the interpretation process.

Share and Cite:

S. Al-Fedaghi, "Interpretation of Information Processing Regulations," Journal of Software Engineering and Applications, Vol. 2 No. 2, 2009, pp. 67-76. doi: 10.4236/jsea.2009.22011.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.