Harmonizing privacy with security principles and practices
by S. L. Pfleeger
and C. P. Pfleeger
During the development of a software system, the process of requirements elicitation gathers both functional requirements (i.e., what the system should do) and nonfunctional requirements (i.e., what the system should be). Computer science and software engineering education have traditionally addressed the former more than the latter, because it is easier to test that functional requirements have been properly implemented. Within the category of nonfunctional requirements, the privacy requirements engineering process is less mature than that of security engineering, and underlying engineering principles can give little attention to privacy requirements. In this paper, we discuss how security and privacy requirements engineering can be taught as necessary aspects of software development. We suggest that the best way to harmonize security and privacy requirements is to link information systems experts with computer scientists with the goal of addressing the key issues that prevent systems from implementing effective security and privacy.