
Systematic Elaboration of Compliance Requirements Using Compliance Debt and Portfolio Theory

Conference paper. Requirements Engineering: Foundation for Software Quality (REFSQ 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8396)

Abstract

[Context and motivation] Eliciting compliance requirements often results in requirements that might not be satisfied because of uncertainty and the unavailability of resources. Failing to anticipate these factors may increase the cost of achieving compliance. [Question/problem] Managing compliance is an investment activity that requires making decisions about selecting the right compliance goals under uncertainty, handling the obstacles to those goals and minimising risks. [Principal ideas/results] (1) We define the concept of technical debt for managing compliance and explore its link with obstacles to compliance goals. (2) We propose a goal-oriented method for obstacle handling with portfolio-based thinking for systematically managing obstacles and refining compliance goals. [Contribution] We use an exemplar to illustrate and evaluate the approach. The results show that our approach can provide analysts and compliance managers with an objective tool to assess and rethink their investment decisions when elaborating compliance requirements.




© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Ojameruaye, B., Bahsoon, R. (2014). Systematic Elaboration of Compliance Requirements Using Compliance Debt and Portfolio Theory. In: Salinesi, C., van de Weerd, I. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2014. Lecture Notes in Computer Science, vol 8396. Springer, Cham. https://doi.org/10.1007/978-3-319-05843-6_12


  • DOI: https://doi.org/10.1007/978-3-319-05843-6_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05842-9

  • Online ISBN: 978-3-319-05843-6

  • eBook Packages: Computer Science (R0)
