Abstract
[Context and motivation] Eliciting compliance requirements often results in requirements that cannot be satisfied because of uncertainty and the unavailability of resources. Failing to anticipate these factors can increase the cost of achieving compliance. [Question/problem] Managing compliance is an investment activity: it requires selecting the right compliance goals under uncertainty, handling the obstacles to those goals, and minimising risk. [Principal ideas/results] (1) We define the concept of technical debt for managing compliance and explore its link with obstacles to compliance goals. (2) We propose a goal-oriented method for obstacle handling that applies portfolio-based thinking to systematically manage obstacles and refine compliance goals. [Contribution] We use an exemplar to illustrate and evaluate the approach. The results show that our approach can provide analysts and compliance managers with an objective tool for assessing and rethinking their investment decisions when elaborating compliance requirements.
© 2014 Springer International Publishing Switzerland
Cite this paper
Ojameruaye, B., Bahsoon, R. (2014). Systematic Elaboration of Compliance Requirements Using Compliance Debt and Portfolio Theory. In: Salinesi, C., van de Weerd, I. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2014. Lecture Notes in Computer Science, vol 8396. Springer, Cham. https://doi.org/10.1007/978-3-319-05843-6_12
DOI: https://doi.org/10.1007/978-3-319-05843-6_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05842-9
Online ISBN: 978-3-319-05843-6