An Exploratory Survey on the perceptions regarding the inclusion of security and privacy by design (SBD, PbD) principles during Software development lifecycle (SDLC) requirements gathering phase among Business Analysts
| Main Author: | Glorin Sebastian |
|---|---|
| Format: | Article Journal |
| Bahasa: | eng |
| Terbitan: |
, 2020
|
| Subjects: | |
| Online Access: |
https://zenodo.org/record/4427207 |
Daftar Isi:
- ABSTRACT: Privacy by design requires privacy to be taken into account, during the entire engineering process, while security by design requires embedding the principles of secure coding and software design starting from the requirements elicitation phase. Including the security and privacy requirements in the requirements elicitation phase and mapping to the functional requirements, ensures that these requirements are validated and tested prior to implementation, thus corroborating the robustness of the software to withstand majority of the cyber and privacy threats. Including security and privacy in the design and requirements phase and not as an afterthought, also ensures that the system is compliant to various regulations such as GDPR (General Data Protection Regulation), Section-25 that mandates application of privacy by design principles in software development. This approach is also less expensive compared to trying to factor in security and privacy later. As part of the study, we try to understand the various challenges involved in including security and privacy by design (SBD, PbD) principles during the SDLC requirements gathering phase. We also suggest measures to solve these challenges based on the suggestions from survey participants as well as review of Software coding best practices. This study would help most software companies to evaluate their SDLC requirements elicitation procedures to ensure they are in compliance with the applicable data and security regulations as well industry best practices. Keywords: Privacy by design (PBD), Security by design (SBD), SDLC, Requirements elicitation