Special Issue "Security Requirements Engineering: Designing Secure Socio-Technical Systems"
Deadline for manuscript submissions: 15 August 2019
Security is no longer a nice-to-have feature added on top of existing systems, and organizations worldwide are investing more and more in security in order to safeguard intellectual property, financial information, and a company’s reputation. As such, information security is a crucial part of business strategy, which cannot be considered after the fact but must be addressed in the very early development phases, in order to avoid conflicts with the existing system (which is already running) or expensive fixes.
A system might be secure from a technical point of view, because of a series of mechanisms that have been put in place, such as firewalls, secure password protection, or message encryption. However, this does not ensure that the business practice complies with security requirements, or that the said mechanisms do not conflict with the business policy. Statistics on security incidents show how security is affected by social and organizational aspects, which need to be considered on top of technical mechanisms. This opens up new challenges for analysts, who now have to study the bigger picture, which includes not only the software under design, but also the humans operating and interacting with it and the involved organizations. Analyzing this bigger picture means designing secure socio-technical systems rather than just technical software systems.
Despite much attention from the research community, research efforts on the design of socio-technical systems are still in their infancy, while socio-technical systems have been a reality for quite some time. Their societal relevance is demonstrated by many examples, such as healthcare systems, e-commerce, air traffic management control, smart cities, smart homes, and the like.
This Special Issue invites submissions of high-quality original technical content papers, empirical evaluation of existing methods, and industrial experience papers on real applications or survey papers that shed further light on the trends and current status of work in security requirements engineering.
Dr. Elda Paja
Manuscript Submission Information
Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.
Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.
Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.
- Security requirements
- Information security
- Socio-technical systems
- Requirements engineering
- Modeling languages
- Security threats
- Risk analysis
- Automated analysis
- Enforcement of security requirements
The list below represents only planned manuscripts. Some of these manuscripts have not been received by the Editorial Office yet. Papers submitted to MDPI journals are subject to peer-review.
Authors: Vasiliki Diamantopoulou
Affiliation: Department of Information and Communication Systems Engineering, University of the Aegean
Abstract: The application of the GDPR 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are used for the processing of personal data. An unexplored area where systems are used to collect and process personal data is the e-Participation environment. These sociotechnical systems are based on the exploitation of the increasing use of Social Media, by using them as valuable tools, able to provide answers and decision support in public policy formulation. This work aims at the analysis of such systems, by exploring the level of the satisfaction of the privacy requirements that GDPR imposes, contributing to the identification of challenges that e-participation approaches impose with regard to privacy protection.