A Framework to Support Alignment of Secure Software Engineering With Legal Regulations
Regulatory compliance is becoming increasingly important for software systems that process and manage sensitive information. Therefore, identifying and analyzing the relevant legal regulations and aligning them with security requirements become necessary for the effective development of secure software systems. Nevertheless, Secure Software Engineering Modelling Languages (SSEML) use concepts and terminology that differ from those used in the legal domain to describe legal regulations. This mismatch, together with developers' lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes it difficult to elicit appropriate security requirements from the relevant laws and regulations, and to trace those security requirements correctly throughout the development stages.