Incorporating Security Requirements from Legal Regulations into UMLsec model

Shareeful Islam, Jan Jürjens
2008 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems  
Compliance with law, industry standards, and corporate governance regulations is one of the driving factors for discovering security requirements. This paper aims to incorporate constraints from regulations through security requirements at an early stage of development. Constraints are extracted using a pattern-based approach from legal texts of information security laws and policies derived from the security standard ISO/IEC 27001:2005. The UML extension UMLsec is then used to address whether the security requirements defined in a UMLsec model implement these constraints successfully.
dblp:conf/models/IslamJ08 fatcat:cfzwuf6a4zbjjhepofovpzno5q