Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/springer-journals/evaluating-a-privacy-requirements-specification-method-by-using-a-TBDGDK2V5S
References (81)
-
(2015)
nology; ubiquitous computing and communications; dependable, autonomic and secure computing; pervasive intelligence and computing -
Cesare Bartolini, Said Daoudagh, G. Lenzini, E. Marchetti (2019)
GDPR-Based User Stories in the Access Control Perspective -
Li Zhang, Jianjun Tian, Jing Jiang, Yi-Jun Liu, Meng-Yuan Pu, T. Yue (2018)
Empirical Research in Software Engineering — A Literature SurveyJournal of Computer Science and Technology, 33
-
V. Venkatesh, Fred Davis (2000)
A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field StudiesManagement Science, 46
-
G. Lucassen, F. Dalpiaz, J. Werf, S. Brinkkemper (2016)
The Use and Effectiveness of User Stories in Practice -
H. Mouratidis, P. Giorgini, G. Manson (2005)
When security meets software engineering: a case of modelling secure information systemsInf. Syst., 30
-
Mai Nguyen (2010)
Empirical Evaluation of a Universal Requirements Engineering Process Maturity Model -
Larissa Chazette, K. Schneider (2020)
Explainability as a non-functional requirement: challenges and recommendationsRequirements Engineering
-
Mike Cohn (2004)
User Stories Applied: For Agile Software Development -
S. Spiekermann, L. Cranor (2009)
Engineering PrivacyIEEE Transactions on Software Engineering, 35
-
J DeCew, EN Zalta (2018)
PrivacyThe Stanford encyclopedia of philosophy
-
H. Mouratidis, Shareeful Islam, Christos Kalloniatis, S. Gritzalis (2013)
A framework to support selection of cloud providers based on security and privacy requirementsJ. Syst. Softw., 86
-
(1975)
The environment and social behavior: privacy, personal space, territory, and crowding -
E. Canedo, Ian Bandeira, A. Calazans, P. Costa, Emille Cançado, R. Bonifácio (2022)
Privacy requirements elicitation: a systematic literature review and perception analysis of IT practitionersRequirements Engineering, 28
-
Khaled Abdelazim, R. Moawad, Essam Elfakharany (2020)
A Framework for Requirements Prioritization Process in Agile Software DevelopmentJournal of Physics: Conference Series, 1454
-
Hugo Villamizar, Marcos Kalinowski, Alessandro Garcia, D. Méndez (2020)
An efficient approach for reviewing security-related aspects in agile requirements specifications of web applicationsRequirements Engineering, 25
-
Martin Höst, B. Regnell, C. Wohlin (2000)
Using Students as Subjects—A Comparative Study of Students and Professionals in Lead-Time Impact AssessmentEmpirical Software Engineering, 5
-
R. Ferrari, James Miller, N. Madhavji (2010)
A controlled experiment to assess the impact of system architectures on new system requirementsRequirements Engineering, 15
-
J. Rubenfeld (1989)
The Right of PrivacyHarvard Law Review, 102
-
M. Peixoto, Dayse Ferreira, Mateus Cavalcanti, Carla Silva, Jéssyka Vilela, J. Araújo, T. Gorschek (2020)
On Understanding How Developers Perceive and Interpret Privacy Requirements Research Preview -
G. Lucassen, F. Dalpiaz, J. Werf, S. Brinkkemper (2017)
Improving User Story Practice with the Grimm Method: A Multiple Case Study in the Software Industry -
M.C. Fernandez (2018)
Status Quo in Requirements Engineering: A Theory and a Global Family of Surveys -
M. Peixoto, Carla Silva, Ricarth Lima, J. Araújo, T. Gorschek, Jean Silva (2019)
PCM Tool: Privacy Requirements Specification in Agile Software DevelopmentAnais Estendidos da Conferência Brasileira de Software: Teoria e Prática
-
Thomas Olsson, Séverine Sentilles, Efi Papatheocharous (2022)
A systematic literature review of empirical research on quality requirementsRequirements Engineering, 27
-
D. Falessi, N. Juristo, C. Wohlin, Burak Turhan, Jürgen Münch, Andreas Jedlitschka, M. Oivo (2017)
Empirical software engineering experts on the use of students and professionals in experimentsEmpirical Software Engineering, 23
-
(2002)
Educational research: planning, conducting, and evaluating quantitative -
A. Cavoukian (2012)
Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices -
M. Peixoto, Carla Silva (2018)
Specifying privacy requirements with goal-oriented modeling languagesProceedings of the XXXII Brazilian Symposium on Software Engineering
-
S. Wagner, Daniel Fernández, Marcos Kalinowski, M. Felderer (2018)
Agile Requirements Engineering in Practice: Status Quo and Critical ProblemsCLEI Electron. J., 21
-
S. Alharbi, Steve Drew (2014)
Using the Technology Acceptance Model in Understanding Academics' Behavioural Intention to Use Learning Management SystemsInternational Journal of Advanced Computer Science and Applications, 5
-
D. Kleinman (1991)
Science and Technology in Society: From Biotechnology to the Internet -
Miguel Caldas (2003)
Research design: qualitative, quantitative, and mixed methods approaches, 7
-
Talat Ambreen, N. Ikram, M. Usman, M. Niazi (2018)
Empirical research in requirements engineering: trends and opportunitiesRequirements Engineering, 23
-
(2019)
GDPRbased user stories in the access control perspective. In: Quality of information and communications technology. Springer, Cham, pp 3–17 -
(2009)
Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario -
A. Antón, J. Earp (2001)
Strategies for Developing Policies and Requirements for Secure and Private Electronic Commerce -
M. Gharib, P. Giorgini, J. Mylopoulos (2017)
Towards an Ontology for Privacy Requirements via a Systematic Literature Review -
Wadha Labda, N. Mehandjiev, P. Sampaio (2014)
Modeling of privacy-aware business processes in BPMN to protect personal dataProceedings of the 29th Annual ACM Symposium on Applied Computing
-
Mikael Svahnberg, A. Aurum, C. Wohlin (2008)
Using students as subjects - an empirical evaluation -
Rashidah Kasauli, Grischa Liebel, E. Knauss, S. Gopakumar, Benjamin Kanagwa (2017)
Requirements Engineering Challenges in Large-Scale Agile System Development2017 IEEE 25th International Requirements Engineering Conference (RE)
-
Niels Bik, G. Lucassen, S. Brinkkemper (2017)
A Reference Method for User Story Requirements in Agile Systems Development2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)
-
(2018)
Privacy. In: Zalta EN (ed) The Stanford encyclopedia of philosophy, spring 2018 -
S. Wagner, Daniel Fernández, M. Felderer, A. Vetrò, Marcos Kalinowski, R. Wieringa, Dietmar Pfahl, T. Conte, Marie-Therese Christiansson, D. Greer, C. Lassenius, T. Männistö, Maleknaz Nayebi, M. Oivo, B. Penzenstadler, R. Prikladnicki, G. Ruhe, A. Schekelmann, S. Sen, R. Spínola, A. Tuzcu, J. Vara, D. Winkler (2018)
Status Quo in Requirements EngineeringACM Transactions on Software Engineering and Methodology (TOSEM), 28
-
Jéssyka Vilela, J. Castro, L. Martins, T. Gorschek (2020)
Safety Practices in Requirements Engineering: The Uni-REPM Safety ModuleIEEE Transactions on Software Engineering, 46
-
M. Gharib, J. Mylopoulos, P. Giorgini (2020)
COPri - A Core Ontology for Privacy Requirements Engineering -
Javier Izquierdo, Julián Salas (2018)
A UML Profile for Privacy Enforcement -
H. Nissenbaum (2009)
Privacy in Context -
S. Warren, Louis Brandeis (1890)
The Right to PrivacyHarvard Law Review, 4
-
(2016)
Improving agile requirements: the quality user story 254 Requirements Engineering (2023) 28:229–255 1 3 framework and tool. Requir Eng 21(3):383–403 -
P. Mai, Arda Goknil, Lwin Shar, F. Pastore, L. Briand, Shaban Shaame (2018)
Modeling Security and Privacy Requirements: a Use Case-Driven ApproachInf. Softw. Technol., 100
-
Paula Santos, M. Carvalho (2021)
Exploring the challenges and benefits for scaling agile project management to large projects: a reviewRequirements Engineering, 27
-
Iflaah Salman, Ayse Misirli, Natalia Juzgado (2015)
Are Students Representatives of Professionals in Software Engineering Experiments?2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, 1
-
G. Lucassen, F. Dalpiaz, J. Werf, S. Brinkkemper (2016)
Improving agile requirements: the Quality User Story framework and toolRequirements Engineering, 21
-
S. Easterbrook, J. Singer, M. Storey, D. Damian (2008)
Selecting Empirical Methods for Software Engineering Research -
(2007)
The Mann ‐ Whitney U: A Test for Assessing Whether Two Independent Samples Come from the Same Distribution -
(2012)
Wesslén A (2012) Experimentation in software engineering. Springer, Berlin. https:// doi -
Hanne Rygge, A. Jøsang (2018)
Threat Poker: Solving Security and Privacy Threats in Agile Software Development -
W. Behutiye, Pertti Karhapää, D. Costal, M. Oivo, Xavier Franch (2017)
Non-functional Requirements Documentation in Agile Software Development: Challenges and Solution ProposalArXiv, abs/1711.08894
-
Pille Pullonen, Raimundas Matulevičius, D. Bogdanov (2017)
PE-BPMN: Privacy-Enhanced Business Process Model and Notation -
Fred Davis (1989)
Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information TechnologyMIS Q., 13
-
A. Bijwe, N. Mead (2010)
Adapting the SQUARE Process for Privacy Requirements Engineering -
Karina Curcio, T. Navarro, A. Malucelli, S. Reinehr (2018)
Requirements engineering: A systematic mapping study in agile software developmentJ. Syst. Softw., 139
-
C. Wohlin, P. Runeson, Martin Höst, M. Ohlsson, B. Regnell (2012)
Experimentation in Software Engineering -
CACM staff (2012)
Operationalizing privacy by designCommun. ACM, 55
-
Vanessa Ayala-Rivera, L. Pasquale (2018)
The Grace Period Has Ended: An Approach to Operationalize GDPR Requirements2018 IEEE 26th International Requirements Engineering Conference (RE)
-
Mikael Viitaniemi (2017)
Privacy by Design in Agile Software Development -
S. Hart, L. Staveland (1988)
Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical ResearchAdvances in psychology, 52
-
C. Wohlin, Martin Höst, Kennet Henningsson (2003)
Empirical Research Methods in Software Engineering -
Mina Deng, Kim Wuyts, R. Scandariato, B. Preneel, W. Joosen (2011)
A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirementsRequirements Engineering, 16
-
John Heaps, R. Krishnan, Yufei Huang, Jianwei Niu, R. Sandhu (2021)
Access Control Policy Generation from User Stories Using Machine Learning -
H. Nissenbaum (2009)
Privacy in Context - Technology, Policy, and the Integrity of Social Life -
C. Lagoudakis (1959)
The Universal Declaration of Human Rights.American Journal of International Law, 53
-
Husam Suleiman, D. Svetinovic (2012)
Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructureRequirements Engineering, 18
-
Jeffrey Carver, M. Jaccheri, S. Morasca, F. Shull (2010)
A checklist for integrating student empirical studies with research and teaching goalsEmpirical Software Engineering, 15
-
Christos Kalloniatis, E. Kavakli, S. Gritzalis (2008)
Addressing privacy requirements in system design: the PriS methodRequirements Engineering, 13
-
Juliana Medeiros, A. Vasconcelos, Carla Schuenemann, M. Goulão (2018)
Quality of software requirements specification in agile projects: A cross-case analysis of six companiesJ. Syst. Softw., 142
-
I. Hadar, Tomer Hasson, Oshrat Ayalon, Eran Toch, Michael Birnhack, Sofia Sherman, Arod Balissa (2018)
Privacy by designers: software developers’ privacy mindsetEmpirical Software Engineering, 23
-
Jeffrey Carver, M. Jaccheri, S. Morasca, F. Shull (2003)
Issues in using students in empirical studies in software engineering educationProceedings. 5th International Workshop on Enterprise Networking and Computing in Healthcare Industry (IEEE Cat. No.03EX717)
-
Christos Kalloniatis, E. Kavakli, S. Gritzalis (2009)
Methods for Designing Privacy Aware Information Systems: A Review2009 13th Panhellenic Conference on Informatics
-
Keerthi Thomas, A. Bandara, B. Price, B. Nuseibeh (2014)
Distilling privacy requirements for mobile applicationsProceedings of the 36th International Conference on Software Engineering
-
G. Ayed, S. Ghernaouti-Helie (2011)
Privacy requirements specification for digital identity management systems implementation: Towards a digital society of privacy2011 International Conference for Internet Technology and Secured Transactions
- Publisher
- Springer Journals
- Copyright
- Copyright © The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature 2022. Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
- ISSN
- 0947-3602
- eISSN
- 1432-010X
- DOI
- 10.1007/s00766-022-00388-2
- Publisher site
- See Article on Publisher Site
Abstract
Although agile software development (ASD) has been adopted in the industry, requirements approaches for ASD still neglect non-functional requirements. Privacy has become a concern due to new user demands and data protection laws. Hence, privacy needs to be properly specified, but agile requirements engineering techniques do not explicitly represent privacy requirements and, therefore, are not able to proper analyze such requirements. In this context, Privacy Criteria Method (PCM), an approach to specify privacy in requirements activities, was proposed to produce more complete and detailed privacy requirements. By considering PCM a promising approach to be used in ASD and the importance of empirical evaluation of new methods, we have as objectives: 1 evaluate the ability of PCM to support systems analysts in specifying privacy requirements when used in conjunction with some agile specification methods; and 2 show our lessons learned in conducting empirical research based on an mix-method approach defined to empirically evaluate the suitability of a requirements specification in specifying privacy requirements. Mixed-method approach is a controlled experiment as a quantitative evaluation and a feasibility study (questionnaire and task analysis based) study as a qualitative and quantitative evaluation. The requirements specifications following PCM allow to represent privacy aspects, such as user’s personal data and the privacy mechanism that can be used to mitigate a privacy risk scenario. We also observed that some extra time is necessary to specify privacy requirements with PCM, but it does not imply a greater perceived effort. Specifications produced with PCM are of good quality and more privacy detailed. Additionally, we attest to the importance of conducting empirical research to evaluate new methods. PCM assists in specifying more complete and detailed in relation to traditional techniques used in ASD, which facilitates communication between the requirements analysts and developers.
Journal
Requirements Engineering – Springer Journals
Published: Jun 1, 2023
Keywords: Privacy requirements specification; Empirical study; Privacy criteria method; Agile software development