[1]
|
[1] D. Reinsel, C. Chute, W. Schlichting, J. McArthur, I. Xheneti, A. Toncheva, and A. Manfrediz, “A for- ecast of worldwide information growth through 2010.” An IDC White Paper, 2007. http://www.emc.com/about/destina-tion/digital_universe/pdf/Expanding_Digital_Universe_I-DC_WhitePaper_022507.pdf
|
[2]
|
[2] Nexsan Technologies Inc, White paper on enabling in-formation lifecycle management, 2005. http://www.me- ganet1.com/pdf/Enabling%20Information%20Lifecycle%20management.pdf
|
[3]
|
[3] M. J. May, C. A. Gunter, and I. Lee, “Privacy APIs: Ac-cess control techniques to analyze and verify legal pri-vacy policies,” 19th IEEE Workshop Computer Security Foundations, pp. 85-97, 2006.
|
[4]
|
[4] T. D. Breaux and A. I. Antón, “Deriving semantic models from privacy policies,” 6th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 67-76, 2005.
|
[5]
|
[5] S-W. Lee, R. Gandhi, D. Muthurajan, D. Yavagal, and G- J. Ahn, “Building problem domain ontology from secu-rity requirements in regulatory documents,” International Workshop on Software Engineering for Secure Systems, Shanghai, China, pp. 43-50, 2006.
|
[6]
|
[6] A. I. Antón, J. B. Earp, Q. He, W. Stufflebeam, D. Bol-chini, and C. Jensen, “Financial privacy policies and the need for standardization,” IEEE Security and Privacy, Vol. 2, No. 2, pp. 36-45, 2004.
|
[7]
|
[7] A. I. Antón, “Goal-based requirements analysis,” 2nd IEEE International Conference on Requirements Engi-neering, pp. 136-144, 1996.
|
[8]
|
[8] T. D. Breaux and A. I. Antón, “Analyzing goal semantics for rights, permissions and obligations,” 13th IEEE In-ternational Conference on Requirements Engineering, pp. 177-186, 2005.
|
[9]
|
[9] P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, “Modeling security requirements through ownership, permission and delegation,” 13th IEEE International Conference on Requirements Engineering, pp. 167-176, 2005.
|
[10]
|
[10] T. Breaux and A. I. Antón, “Analyzing regulatory rules for privacy and security requirements,” IEEE Transac-tions on Software Engineering, Vol. 34, No. 1, pp. 5-20, January 2008.
|
[11]
|
[11] D. Tindal, “Safety officer’s briefing book,” Civil Air Patrol, United States Air Force Auxiliary, February 1 2000. http://www.iawg.cap.gov/archives/ iawgsafety-manual.pdf.
|
[12]
|
[12] S. Al-Fedaghi, “Scrutinizing the rule: Privacy realization in HIPAA,” International Journal of Healthcare Informa-tion Systems and Informatics (IJHISI), Vol. 3, No. 2, 2008.
|
[13]
|
[13] HHS, “Summary of the HIPAA privacy rule,” U.S. De-partment of Health & Human Services, 2003. http://www. hhs.gov/ocr/privacysummary.pdf.
|
[14]
|
[14] S. Al-Fedaghi, “Software engineering interpretation of information processing regulations”, IEEE 32nd Annual International Computer Software and Applications Con-ference (IEEE COMPSAC 2008), Turku, Finland, July 28–August 1, 2008.
|
[15]
|
[15] Office for Civil Rights, US Department of Health and Human Services, “Medical privacy: National standards to protect the privacy of personal health information,” 2000 http://www.hhs.gov/ocr/hipaa/finalreg.html.
|
[16]
|
[16] T. D. Breaux and A. I. Antón, “Semantic parameteriza-tion: A conceptual modeling process for domain descrip-tions,” North Carolina State University Computer Sci-ence Technical Report TR-2006-35, October 2006.
|
[17]
|
[17] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role-based access control models,” IEEE Computer, Vol. 29, No. 2, pp. 38-47, 1996.
|