Towards Identification of Privacy Requirements with Systems Thinking View Full Text


Ontology type: schema:Chapter     


Chapter Info

DATE

2022-07-31

AUTHORS

Tuisku Sarrala , Tommi Mikkonen , Anh Nguyen Duc , Pekka Abrahamsson

ABSTRACT

Implementing privacy as software functions is required by privacy regulation. Achieving this requires shared understanding between business process owners and software engineers, who implement it. Current literature reveals a major gap between privacy requirements and how engineers interpret privacy. Furthermore, as today’s sociotechnical systems are increasingly complex and ever-evolving, unknown privacy issues can emerge from them as a side-effect. Understanding privacy and identifying privacy threats are pre-requisites for deciding on and implementing the right functionality in software. However, current methods for privacy threat identification do not cover all aspects of privacy, suit complex sociotechnical systems or requirements engineering, or support engineers forming a mental model of privacy. We claim that this situation can be improved by applying a systems thinking approach to privacy threat identification. In this paper, we elaborate the problem and propose a research agenda that will help close the gap between privacy requirements and technical software functionality. More... »

PAGES

249-258

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_16

DOI

http://dx.doi.org/10.1007/978-3-031-11510-3_16

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1149869982


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Sarrala", 
        "givenName": "Tuisku", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mikkonen", 
        "givenName": "Tommi", 
        "id": "sg:person.013323020425.13", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013323020425.13"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Business and IT, University of South-Eastern Norway, PO Box 4, 3199, Borre, Norway", 
          "id": "http://www.grid.ac/institutes/grid.463530.7", 
          "name": [
            "Department of Business and IT, University of South-Eastern Norway, PO Box 4, 3199, Borre, Norway"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Nguyen Duc", 
        "givenName": "Anh", 
        "id": "sg:person.013777216461.94", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013777216461.94"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland", 
          "id": "http://www.grid.ac/institutes/grid.9681.6", 
          "name": [
            "University of Jyv\u00e4skyl\u00e4, PO Box 35, 40014, Jyv\u00e4skyl\u00e4, Finland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Abrahamsson", 
        "givenName": "Pekka", 
        "id": "sg:person.013004041551.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004041551.91"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2022-07-31", 
    "datePublishedReg": "2022-07-31", 
    "description": "Implementing privacy as software functions is required by privacy regulation. Achieving this requires shared understanding between business process owners and software engineers, who implement it. Current literature reveals a major gap between privacy requirements and how engineers interpret privacy. Furthermore, as today\u2019s sociotechnical systems are increasingly complex and ever-evolving, unknown privacy issues can emerge from them as a side-effect. Understanding privacy and identifying privacy threats are pre-requisites for deciding on and implementing the right functionality in software. However, current methods for privacy threat identification do not cover all aspects of privacy, suit complex sociotechnical systems or requirements engineering, or support engineers forming a mental model of privacy. We claim that this situation can be improved by applying a systems thinking approach to privacy threat identification. In this paper, we elaborate the problem and propose a research agenda that will help close the gap between privacy requirements and technical software functionality.", 
    "editor": [
      {
        "familyName": "Shishkov", 
        "givenName": "Boris", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-031-11510-3_16", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-031-11509-7", 
        "978-3-031-11510-3"
      ], 
      "name": "Business Modeling and Software Design", 
      "type": "Book"
    }, 
    "keywords": [
      "privacy requirements", 
      "threat identification", 
      "sociotechnical systems", 
      "aspects of privacy", 
      "business process owners", 
      "privacy threats", 
      "privacy issues", 
      "software engineers", 
      "complex sociotechnical systems", 
      "software functionality", 
      "software functions", 
      "support engineers", 
      "privacy regulations", 
      "privacy", 
      "right functionality", 
      "process owners", 
      "mental models", 
      "requirements", 
      "functionality", 
      "engineers", 
      "current methods", 
      "system", 
      "software", 
      "research agenda", 
      "owners", 
      "issues", 
      "threat", 
      "identification", 
      "situation", 
      "model", 
      "method", 
      "gap", 
      "aspects", 
      "current literature", 
      "literature", 
      "function", 
      "understanding", 
      "major gaps", 
      "agenda", 
      "regulation", 
      "paper", 
      "problem", 
      "approach"
    ], 
    "name": "Towards Identification of Privacy Requirements with Systems Thinking", 
    "pagination": "249-258", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1149869982"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-031-11510-3_16"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-031-11510-3_16", 
      "https://app.dimensions.ai/details/publication/pub.1149869982"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:09", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_0.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-031-11510-3_16"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_16'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_16'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_16'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-031-11510-3_16'


 

This table displays all metadata directly associated to this object as RDF triples.

129 TRIPLES      22 PREDICATES      68 URIs      60 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-031-11510-3_16 schema:about anzsrc-for:08
2 anzsrc-for:0803
3 anzsrc-for:0806
4 schema:author N343120f0d5ba4e40a3ba6aee657ec5ae
5 schema:datePublished 2022-07-31
6 schema:datePublishedReg 2022-07-31
7 schema:description Implementing privacy as software functions is required by privacy regulation. Achieving this requires shared understanding between business process owners and software engineers, who implement it. Current literature reveals a major gap between privacy requirements and how engineers interpret privacy. Furthermore, as today’s sociotechnical systems are increasingly complex and ever-evolving, unknown privacy issues can emerge from them as a side-effect. Understanding privacy and identifying privacy threats are pre-requisites for deciding on and implementing the right functionality in software. However, current methods for privacy threat identification do not cover all aspects of privacy, suit complex sociotechnical systems or requirements engineering, or support engineers forming a mental model of privacy. We claim that this situation can be improved by applying a systems thinking approach to privacy threat identification. In this paper, we elaborate the problem and propose a research agenda that will help close the gap between privacy requirements and technical software functionality.
8 schema:editor Nfdfca42c348749e5835c08e236da696a
9 schema:genre chapter
10 schema:isAccessibleForFree false
11 schema:isPartOf N335eebe7bd214eea94920f2a0cbddd24
12 schema:keywords agenda
13 approach
14 aspects
15 aspects of privacy
16 business process owners
17 complex sociotechnical systems
18 current literature
19 current methods
20 engineers
21 function
22 functionality
23 gap
24 identification
25 issues
26 literature
27 major gaps
28 mental models
29 method
30 model
31 owners
32 paper
33 privacy
34 privacy issues
35 privacy regulations
36 privacy requirements
37 privacy threats
38 problem
39 process owners
40 regulation
41 requirements
42 research agenda
43 right functionality
44 situation
45 sociotechnical systems
46 software
47 software engineers
48 software functionality
49 software functions
50 support engineers
51 system
52 threat
53 threat identification
54 understanding
55 schema:name Towards Identification of Privacy Requirements with Systems Thinking
56 schema:pagination 249-258
57 schema:productId Ncd1e74f48da2450889f35d636c0decf9
58 Nd5b9d82600384c33956b7dc614ae4f1e
59 schema:publisher N1a87995511e24bdfbabb898939010808
60 schema:sameAs https://app.dimensions.ai/details/publication/pub.1149869982
61 https://doi.org/10.1007/978-3-031-11510-3_16
62 schema:sdDatePublished 2022-09-02T16:09
63 schema:sdLicense https://scigraph.springernature.com/explorer/license/
64 schema:sdPublisher N1b94ce62472442b2a99fc3a5262e9a58
65 schema:url https://doi.org/10.1007/978-3-031-11510-3_16
66 sgo:license sg:explorer/license/
67 sgo:sdDataset chapters
68 rdf:type schema:Chapter
69 N0ac3021562d24462811a627e7dcfff20 rdf:first sg:person.013004041551.91
70 rdf:rest rdf:nil
71 N1a87995511e24bdfbabb898939010808 schema:name Springer Nature
72 rdf:type schema:Organisation
73 N1b94ce62472442b2a99fc3a5262e9a58 schema:name Springer Nature - SN SciGraph project
74 rdf:type schema:Organization
75 N2f7679811e0d4203bb1c87192e492bdc rdf:first sg:person.013323020425.13
76 rdf:rest N59301584696c494b829b9c1134c6e9f4
77 N335eebe7bd214eea94920f2a0cbddd24 schema:isbn 978-3-031-11509-7
78 978-3-031-11510-3
79 schema:name Business Modeling and Software Design
80 rdf:type schema:Book
81 N343120f0d5ba4e40a3ba6aee657ec5ae rdf:first N9f66a7ce11284a9e9ec52562c133b6db
82 rdf:rest N2f7679811e0d4203bb1c87192e492bdc
83 N59301584696c494b829b9c1134c6e9f4 rdf:first sg:person.013777216461.94
84 rdf:rest N0ac3021562d24462811a627e7dcfff20
85 N9f66a7ce11284a9e9ec52562c133b6db schema:affiliation grid-institutes:grid.9681.6
86 schema:familyName Sarrala
87 schema:givenName Tuisku
88 rdf:type schema:Person
89 Ncd1e74f48da2450889f35d636c0decf9 schema:name dimensions_id
90 schema:value pub.1149869982
91 rdf:type schema:PropertyValue
92 Nd5b9d82600384c33956b7dc614ae4f1e schema:name doi
93 schema:value 10.1007/978-3-031-11510-3_16
94 rdf:type schema:PropertyValue
95 Ne44edfa892c24536a63383eea1f71a9e schema:familyName Shishkov
96 schema:givenName Boris
97 rdf:type schema:Person
98 Nfdfca42c348749e5835c08e236da696a rdf:first Ne44edfa892c24536a63383eea1f71a9e
99 rdf:rest rdf:nil
100 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
101 schema:name Information and Computing Sciences
102 rdf:type schema:DefinedTerm
103 anzsrc-for:0803 schema:inDefinedTermSet anzsrc-for:
104 schema:name Computer Software
105 rdf:type schema:DefinedTerm
106 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
107 schema:name Information Systems
108 rdf:type schema:DefinedTerm
109 sg:person.013004041551.91 schema:affiliation grid-institutes:grid.9681.6
110 schema:familyName Abrahamsson
111 schema:givenName Pekka
112 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004041551.91
113 rdf:type schema:Person
114 sg:person.013323020425.13 schema:affiliation grid-institutes:grid.9681.6
115 schema:familyName Mikkonen
116 schema:givenName Tommi
117 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013323020425.13
118 rdf:type schema:Person
119 sg:person.013777216461.94 schema:affiliation grid-institutes:grid.463530.7
120 schema:familyName Nguyen Duc
121 schema:givenName Anh
122 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013777216461.94
123 rdf:type schema:Person
124 grid-institutes:grid.463530.7 schema:alternateName Department of Business and IT, University of South-Eastern Norway, PO Box 4, 3199, Borre, Norway
125 schema:name Department of Business and IT, University of South-Eastern Norway, PO Box 4, 3199, Borre, Norway
126 rdf:type schema:Organization
127 grid-institutes:grid.9681.6 schema:alternateName University of Jyväskylä, PO Box 35, 40014, Jyväskylä, Finland
128 schema:name University of Jyväskylä, PO Box 35, 40014, Jyväskylä, Finland
129 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...