Special Issue "Security Requirements Engineering: Designing Secure Socio-Technical Systems"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Systems".

Deadline for manuscript submissions: closed (15 August 2019).

Special Issue Editor

Dr. Elda Paja
Website
Guest Editor
Department of Computer Science, IT University of Copenhagen, København, Denmark
Interests: security requirements engineering; threat modeling; model-driven development

Special Issue Information

Dear Colleagues,

Security is no longer a nice-to-have feature over existing systems, and organizations worldwide are investing more and more on security in order to safeguard intellectual property, financial information, and a company’s reputation. As such, information security is a crucial part of business strategy, which cannot be considered after the fact but in the very early development phases, in order to avoid conflicts with the existing system (which is already running) or expensive fixes.

A system might be secure from a technical point of view, because of a series of mechanisms that have been put in place, such as firewalls, secure password protection, or message encryption. However, this does not ensure that the business practice complies with security requirements, or that the said mechanisms do not conflict with the business policy. Statistics on security incidents show how security is affected by social and organizational aspects, which need to be considered on top of technical mechanisms. This opens up new challenges for analysts, who now have to study the bigger picture, which includes not only the software under design, but also the humans operating and interacting with it and the involved organizations. Analyzing this bigger picture means designing secure socio-technical systems rather than just technical software systems.

Despite much attention from the research community, research efforts on the design of socio-technical systems are still in their infancy, while socio-technical systems have been a reality for quite some time. Their societal relevance is demonstrated by many examples, such as healthcare systems, e-commerce, air traffic management control, smart cities, smart homes, and alike.

This Special Issue invites submissions of high-quality original technical content papers, empirical evaluation of existing methods, and industrial experience papers on real applications or survey papers that shed further light on the trends and current status of work in security requirements engineering.

Dr. Elda Paja
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Security requirements
  • Information security
  • Socio-technical systems
  • Requirements engineering
  • Modeling languages
  • Security
  • Security threats
  • Privacy
  • Risk analysis
  • Compliance
  • Automated analysis
  • Enforcement of security requirements

Published Papers (1 paper)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Open AccessArticle
Preserving Digital Privacy in e-Participation Environments: Towards GDPR Compliance
Information 2020, 11(2), 117; https://doi.org/10.3390/info11020117 - 20 Feb 2020
Abstract
The application of the General Data Protection Regulation (GDPR) 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are being used for the processing of personal [...] Read more.
The application of the General Data Protection Regulation (GDPR) 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are being used for the processing of personal data. An unexplored area where systems are being used to collect and process personal data are the e-Participation environment. The latest generations of such environments refer to sociotechnical systems based on the exploitation of the increasing use of Social Media, by using them as valuable tools, able to provide answers and decision support in public policy formulation. This work explores the privacy requirements that GDPR imposes in such environments, contributing to the identification of challenges that e-Participation approaches have to deal with, with regard to privacy protection. Full article
Show Figures

Graphical abstract

Back to TopTop