Privacy Risk Assessment Case Studies in Support of SQUARE

July 2009 • Special Report

Varokas Panusuwan, Prashanth Batlagundu Interviewer Nancy R. Mead

In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2009-SR-017

DOI (Digital Object Identifier):

10.1184/R1/6582215.v1

Subjects

Cybersecurity EngineeringCybersecurity Engineering
SQUARESQUARE

Abstract

This report contributes to further development of the Security Quality Requirements Engineering (SQUARE) method to address privacy. Risk assessment is Step 4 in the standard SQUARE process. This report examines privacy definitions, privacy regulations, and risk assessment techniques for privacy. The risk assessment techniques are classified using a standard method, and promising techniques are applied to two case studies. The case study results are provided along with future plans for SQUARE for Privacy.

Software Engineering Institute