Perceptions of ICT practitioners regarding software privacy

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required

Finding and Resolving Security Misusability with Misusability Cases

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

A Methodology for Assuring Privacy by Design in Information Systems

There is no doubt that privacy by design PbD has become a structuring paradigm for personal data protection. Certainly this paradigm has been in use since 1995; however the GDRP "The General Data Protection Regulation", by considering PbD in 2018 as a legal obligation, it testifies the PbD seven principles relevance. Companies are therefore called to put in place technical and organizational measures to integrate PbD into companies. Hence the need for a methodology to provide an exhaustive approach adapted to this implementation. Given the focus of the literature on the implementation of methodologies dedicated to the embodiment of PbD only in software systems, this article aims to propose an ISPM methodology "Information System Privacy Methodology" which focuses on the implementation of PbD in the enterprises architecture, specifically in information systems taking into account all the technical and organizational aspects which must be adopted for the said goal success

The Role of Gamification in Privacy Protection and User Engagement

The interaction between users and several technologies has rapidly increased. In people’s daily habits, the use of several applications for different reasons has been introduced. The provision of attractive services is an important aspect that it should be considered during their design. The implementation of gamification supports this, while game elements create a more entertaining and appealing environment. At the same time, due to the collection and record of users’ information within them, security and privacy are needed to be considered as well, in order for these technologies to ensure a minimum level of security and protection of users’ information. Users, on the other hand, should be aware of their security and privacy, so as to recognize how they can be protected, while using gamified services. In this work, the relation between privacy and gamified applications, regarding both the software developers and the users, is discussed, leading to the necessity not only of designing privacy-friendly systems but also of educating users through gamification on privacy issues

Differentiator factors in the implementation of social network sites

Estágio realizado na Business Analyst da Documento Crítico - Desenvolvimento de Software, S. A. (Cardmobili) e orientado pelo Eng.ª Catarina MaiaTese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS

Designing usable and secure software is hard with- out tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range of security and usability engineering activities, its architecture needs to evolve to meet the workflows of these stakeholders. To this end, this paper illustrates how CAIRIS and its models act as a vehicle for collaboration between usability and security engineers. We describe how the modified architecture of CAIRIS facilitates this collaboration, and illustrate the tool using three usage scenarios

Towards an Ontology-Based Approach for Reusing Non-Functional Requirements Knowledge

Requirements Engineering play a crucial role during the software development process. Many works have pointed out that Non-Functional Requirements (NFR) are currently more important than Functional Requirements. NFRs can be very complicated to understand due to its diversity and subjective nature. The NDR Framework has been proposed to fill some of the existing gaps to facilitate NFR elicitation and modeling. In this thesis, we introduce a tool that plays a major role in the NDR Framework allowing software engineers to store and reuse NFR knowledge. The NDR Tool converts the knowledge contained in Softgoal Interdependency Graphs (SIGs) into a machine-readable format that follows the NFR and Design Rationale (NDR) Ontology. It also provides mechanisms to query the knowledge base and produces graphical representation for the results obtained. To evaluate whether our approach aids eliciting NFRs, we conducted an experiment performing a software development scenario