Octopus: University of The Aegean Research & Project Outputs System

Conference

Authors:	Kalloniatis C., Kavakli E., Gritzalis S.
Title:	Using Privacy Process Patterns for incorporating Privacy requirements into the System Design Process
Conference:	ARES 2007 The International Conference on Availability, Reliability, and Security - SecSE 2007 Secure Software Engineering Workshop
Editors:	T. Skramstad et al.
Ed:	No
Eds:	Yes
Pages:	1009-1016
To appear:	No
Month:	April
Year:	2007
Place:	Vienna, Austria
Pubisher:	IEEE CPS
Link:	http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4159903&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4159903
File name:
Abstract:	In the online world every person has to hold a number of different data sets so as to be able to have access to various e-services and take part in specific economical and social transactions. Such data sets require special consideration since they may convey personal data, sensitive personal data, employee data, credit card data etc. Recent surveys have shown that people feel that their privacy is at risk from identity theft and erosion of individual rights. The result is that privacy violation is becoming an increasingly critical issue in modern societies. To this end, PriS, a new security requirements engineering methodology, has been introduced aiming to incorporate privacy requirements early in the system development process. In this paper, we extend the PriS conceptual framework by introducing privacy process patterns as a way for describing the effect of privacy requirements on business processes. In addition, privacy process patterns facilitate the identification of the system architecture that best supports the privacy-related business processes, thus providing a holistic approach from business goals to `privacy-compliant' IT systems.