Integrating security and privacy in HCD-scrum
Teresa Baldassarre M.; Santa Barletta V.; Caivano D.; Piccinno A.
2021-01-01
Abstract
Nowadays, software development must face the challenge of integrating security and privacy elements from the earliest stages of any software development process. A correct and complete implementation starting from the requirements definition makes it possible to significantly increase the security level of each single phase/iteration and consequently of the final system. Therefore, it is necessary to support the team throughout the software lifecycle by providing operational guidelines for security by design and privacy by design. Taking these aspects into account, the paper presents a Human Centered Design (HCD) approach to security- and privacy-oriented software development, integrated within the Scrum agile methodology, defined as HCD-Security Scrum. The goal is to support developer decisions at all stages of software development in integrating security and privacy requirements through the formalization of key elements defined in a knowledge base, i.e., the Privacy Knowledge Base.