A Model-based Approach to Realize Privacy and Data Protection by Design

“…The subsequent steps involved synthesizing these findings into a coherent framework. A preliminary framework was created, outlining the [13], ISPM [37] and PDPbD [38] .…”

“…The process begins by analyzing the organization's data processing activities [23]. This involves pinpointing the various data categories and assets in play [8], [30], [38], [49], [53]. To generate a comprehensive list of these activities, one can employ tools such as a guided questionnaire [23], [30], [50] or even conduct focus group discussions [25], [45].…”

“…Technique. Various modeling approaches includes Data Flow Diagrams [13], [35], [38], [51], [53], STS-ml (Socio-Technical Security Modeling Language) [46]- [48], SecBPMN2 [48], Secure Tropos (SecTro) [48], JTrust [48], Misuse Case Diagrams [29], [51], [52], UML diagram [37], [42], BPMN [37], [54], Goal modeling diagrams [55], Problem Frames [5], or TOGAF-based modeling [37]. Textual specifications [32], [36], NLP techniques [16], Questionnaires [30], [46], Co-creation tools [45] Functional requirements list [32], Privacy-related entities [36] Stakeholder goals Asset and Data Inventory Data processing analysis [23], Guided questionnaire [30], [50], Focus group discussions [25], Surveys, Interviews [4], [29] Assets and data inventory list [23], Data processing activities [44] Data audit forms [8], Current database, Data flow diagrams Model-based Approach Data Flow Diagrams [13], [51], STS-ml [46], SecBPMN2, Secure Tropos, JTrust, Misuse Case Diagrams [29], [52], UML, BPMN…”

“…After that, choose the PETs and privacy patterns based on experts knowledge [8], [52] or from the mapping table between privacy requirements/threats to the corresponding solutions [8], [9], [13], [22], [37], [42], [44], [63] or based on recommendation system from semantics-based knowledge [44]. This can be categorized in further detail into a group of threats [13] or design strategies whether it is related to data or process [38], [53] or related to specific requirements in regulation [66].…”

“…In this task, the focus is on designing an architecture that supports the selected PETs and countermeasures while also meeting other relevant criteria. This involves defining the system architecture in a way that best supports the identified privacy-related processes [22], [24], [37], [38], [43], [49], [65], [66] and compliance [19].…”

Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature Review

“…The subsequent steps involved synthesizing these findings into a coherent framework. A preliminary framework was created, outlining the [13], ISPM [37] and PDPbD [38] .…”

“…The process begins by analyzing the organization's data processing activities [23]. This involves pinpointing the various data categories and assets in play [8], [30], [38], [49], [53]. To generate a comprehensive list of these activities, one can employ tools such as a guided questionnaire [23], [30], [50] or even conduct focus group discussions [25], [45].…”

“…Technique. Various modeling approaches includes Data Flow Diagrams [13], [35], [38], [51], [53], STS-ml (Socio-Technical Security Modeling Language) [46]- [48], SecBPMN2 [48], Secure Tropos (SecTro) [48], JTrust [48], Misuse Case Diagrams [29], [51], [52], UML diagram [37], [42], BPMN [37], [54], Goal modeling diagrams [55], Problem Frames [5], or TOGAF-based modeling [37]. Textual specifications [32], [36], NLP techniques [16], Questionnaires [30], [46], Co-creation tools [45] Functional requirements list [32], Privacy-related entities [36] Stakeholder goals Asset and Data Inventory Data processing analysis [23], Guided questionnaire [30], [50], Focus group discussions [25], Surveys, Interviews [4], [29] Assets and data inventory list [23], Data processing activities [44] Data audit forms [8], Current database, Data flow diagrams Model-based Approach Data Flow Diagrams [13], [51], STS-ml [46], SecBPMN2, Secure Tropos, JTrust, Misuse Case Diagrams [29], [52], UML, BPMN…”

“…After that, choose the PETs and privacy patterns based on experts knowledge [8], [52] or from the mapping table between privacy requirements/threats to the corresponding solutions [8], [9], [13], [22], [37], [42], [44], [63] or based on recommendation system from semantics-based knowledge [44]. This can be categorized in further detail into a group of threats [13] or design strategies whether it is related to data or process [38], [53] or related to specific requirements in regulation [66].…”

“…In this task, the focus is on designing an architecture that supports the selected PETs and countermeasures while also meeting other relevant criteria. This involves defining the system architecture in a way that best supports the identified privacy-related processes [22], [24], [37], [38], [43], [49], [65], [66] and compliance [19].…”

Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature Review

MBIPV: a model-based approach for identifying privacy violations from software requirements

Translating Privacy Design Principles Into Human-Centered Software Lifecycle: A Literature Review