Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering

Functional or end user requirements are the tasks that the system - Protection and control of consolidated data under development is expected to perform. However, nonfunctional - Data retrieval requirements are the qualities that the system is - Equitable treatment of users to adhere to. Functional requirements are not as difficult - Data retention and disposal to tackle, as it is easier to test their implementation in the - User monitoring and protection against unauthorized system under development. Security and privacy requirements monitoring are considered nonfunctional requirements, although in many instances they do have functionality. To identify Several laws and regulations provide a set of guidelines privacy risks early in the design process, privacy requirements that can be used to assess privacy risks. For example, engineering is used (Chiasera et al. 2008). However, the Health Insurance Portability and Accountability Act unlike security requirements engineering, little attention is (HIPAA) addresses privacy concerns of health information paid to privacy requirements engineering, thus it is less mature systems by enforcing data exchange standards.