9 research outputs found

    Evaluating a Reference Architecture for Privacy Level Agreement's Management

    With the enforcement of the General Data Protection Regulation and the compliance to specific privacy- and security-related principles, the adoption of Privacy by Design and Security by Design principles can be considered as a legal obligation for all organisations keeping EU citizens’ personal data. A formal way to support Data Controllers towards their compliance to the new regulation could be a Privacy Level Agreement (PLA), a mutual agreement of the privacy settings between a Data Controller and a Data Subject, that supports privacy management, by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management within the context of real-life case studies from two different domains, the public administration and the healthcare, where sensitive data is kept. The results are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhancing data subjects’ trust

    A Readiness Model for Secure Requirements Engineering


    Exploring Strategies for Capturing Requirements for Developing ICT4D Applications

    Some software engineers make decisions using applications designed from poorly captured user requirements. The quality of user requirements is crucial in the requirements engineering process, costing 50 times more to remedy the defects of using poorly captured user requirements. Grounded in the socialization, externalization, combination and internalization model of Nonaka theoretical framework, the purpose of this qualitative multiple case study was to explore strategies software engineers in Southern African software houses and IT departments use for capturing information and communication technology for development (ICT4D) requirements. The participants consisted of 12 software engineers who were working in Southern Africa, capturing ICT4D requirements. The data were collected using semistructured interviews. Thematic analysis was used, and four themes emerged: (a) interacting with stakeholders—socialization, (b) transforming interactive knowledge into user requirements—externalization, (c) sharing documented knowledge about user requirements—combination, and (d) applying assimilated knowledge from documented knowledge—internalization. A recommendation is for software engineers to capture their users’ needs and experiences to develop reliable ICT4D software that can assist in delivering interventions to marginalized societies. The implications for positive social change include improving the socioeconomic status of marginalized citizens with ICT4D software applications due to potentially improved requirements engineering practices

    Assessing the validity of decision support systems : a case study from the sustainable management of the West Bank Aquifer

    Decision support systems (DSS) have been widely advocated as key tools for the integrated management of water resources, which emerged as a critical need for addressing the various technical, economic, social, environmental and politico-institutional challenges facing the management of water resources. This thesis aims at developing a framework for assessing the validity of DSS in application to water resources management, more particularly reviewing Multi-Criteria Analysis (MCA) and Cost-Benefit Analysis (CBA) as a basis for decision-making. This is critical at times of increasing demand for tools such as DSS, and therefore the increasing importance of overcoming a major DSS limitation, which is validity. The proposed framework consists of two complementary approaches: (1) assessing intra-model validity (MCA), an approach which consists of studying the level of confidence in the comprehensiveness of management options (MO) and basic indicators (BI), analysing uncertainty in the performance values and weights assigned to BI, undertaking a sensitivity analysis of MO ranking to BI performance values and weights, and, based on results, generating as well as evaluating strategy alternatives; (2) assessing DSS inter-model validity, an approach which consists of comparing models (MCA and CBA). The application of the framework to the Sustainable Management of the West Bank Aquifer (SUSMAQ) generates results very much consistent with literature findings: importance of sensitivity analysis as a practical alternative to uncertainty analysis, sensitivity of MO ranking to BI performance values more than to BI weights, importance of accounting for indirect benefits and for the choice of discount rate in CBA, complementarity if not equivalence of MCA and CBA, etc.
Although the aim of the thesis is methodological, the application uses validity assessment results to test various strategies for the management of water resources in the West Bank, as an illustrative example only.
    EThOS - Electronic Theses Online Service, GB, United Kingdo