Annotated Bibliography - E-commerce
[AE01] A.I. Antón and J.B. Earp. "Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems." Accepted to the 1st ACM Workshop on Security and Privacy in E-Commerce (CCS 2000), Athens, Greece, 1-4 November 2000.
Abstract: There is a need for a balance between security and information accessibility for business functionality. A well-developed security policy that is followed is very important in electronic commerce systems. There have been two approaches to security policy management, but both fall short when it comes to defining requirements. Privacy is seen in many realms including electronic commerce. Privacy is involved with all areas of an application including electronic commerce, database management, security techniques, telecommunications, collaborative systems and systems implementation. It is important to think of these issues before the system is complete. It is necessary for privacy policies to be developed properly and for the system to correspond to the policy. Goals are easier to use than requirements when communicating between analysts and stakeholders. The Goal-Based Requirements Analysis Method (GBRAM) is a method for defining system and enterprise goals and requirements. It uses four principles: identification, classification, refinement, and elaboration. Risk assessment is important in creating goals.
When a risk has been identified, either the goal is refined or a new goal or sub-goal is added to respond to the risk. There are six classes of goals in the GBRAM: user, system, communication, security, knowledge, and quality. The analysis of goals and scenarios helps formulate policy goals and makes sure the system is consistent with the policies.
This is a tool to help organizations develop policy goals and follow them.
Scenarios - descriptions of concrete system behaviors
[AEP01] A.I. Antón, J.B. Earp, C. Potts and T.A. Alspaugh. "The Role of Policy Stakeholder Privacy Values in Requirements Engineering." IEEE 5th International Symposium on Requirements Engineering (RE'01), Toronto, Canada, August 2001.
Use-cases - narratives that illustrate actual or desired sequences of satisfactory events
?s: teleology - ?
[Far00] K. Farmer. "A Taxonomy for Internet Privacy Goal Mining." 2000.
This is a tool to help with security and privacy for e-commerce applications.
PII - personally identifiable information