law and the software development life cycle
play

Law and the software development life cycle November 25, 2017 - PowerPoint PPT Presentation

Dec 22, 2023 •179 likes •701 views

Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg Outline 1 Legal requirements 2 The Software

  1. Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg

  2. Outline 1 Legal requirements 2 The Software Development Life Cycle 3 Legal requirements in the Software Development Life Cycle (SDLC) 4 Putting it all together Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 1 / 33

  3. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 2 / 33

  4. L A T EX Outline 1 Legal requirements 2 The Software Development Life Cycle 3 Legal requirements in the SDLC 4 Putting it all together Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 2 / 33

  5. Requirements in software ◮ Functional ◮ What the system must do ◮ Non functional ◮ How the system must do it Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 3 / 33

  6. Requirements in software ◮ Functional ◮ What the system must do ◮ Non functional ◮ How the system must do it Typical non functional requirements ◮ Performance (good quality software) ◮ Security (confidentiality of information) ◮ Efficiency (limited use of resources) ◮ Cost-effectiveness (competitiveness on the market) ◮ Usability (easy to use for its target customers) ◮ . . . Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 3 / 33

  7. Requirements in software ◮ Functional ◮ What the system must do ◮ Non functional ◮ How the system must do it Typical non functional requirements ◮ Performance (good quality software) ◮ Security (confidentiality of information) ◮ Efficiency (limited use of resources) ◮ Cost-effectiveness (competitiveness on the market) ◮ Usability (easy to use for its target customers) ◮ . . . ◮ Compliance with legal obligations Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 3 / 33

  8. Ratio of legal requirements ◮ Laws set rules for enterprises ◮ Obligations / prohibitions / permissions Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 4 / 33

  9. Ratio of legal requirements ◮ Laws set rules for enterprises ◮ Obligations / prohibitions / permissions ◮ Already happened in the past ◮ Products (health, transparency, competition. . . ) ◮ Industrial processes (safety, environment. . . ) ◮ Now happening in the digital world Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 4 / 33

  10. Ratio of legal requirements ◮ Laws set rules for enterprises ◮ Obligations / prohibitions / permissions ◮ Already happened in the past ◮ Products (health, transparency, competition. . . ) ◮ Industrial processes (safety, environment. . . ) ◮ Now happening in the digital world ◮ Growing number of digital policies ◮ Especially in the European Union Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 4 / 33

  11. Purposes ◮ Corporates ◮ Security for trade secrets ◮ E-commerce ◮ Intellectual property ◮ Users ◮ Data protection ◮ Privacy ◮ Public safety ◮ Cybersecurity ◮ Data and news reliability ◮ Social trust Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 5 / 33

  12. Purposes (2) ◮ Crime control ◮ Backdoors ◮ Access to authorities ◮ Notice and take down ◮ National security ◮ Export control ◮ Security in military / intelligence software Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 6 / 33

  13. Legal sources ◮ Law ◮ HIPAA ◮ E-commerce Directive ◮ General Data Protection Regulation (GDPR) ◮ Export control (ITAR) ◮ . . . ◮ Policies / standards ◮ Security standards ◮ Sectorial standards ◮ Contracts ◮ Service-Level Agreements (SLAs) Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 7 / 33

  14. Standards and laws Policies / standards may be mandated ◮ PCI DSS (payment cards) in Nevada & Washington ◮ A variant of ISO 13485 (medical devices) in Mexico ◮ . . . Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 8 / 33

  15. Standards and laws Policies / standards may be mandated ◮ PCI DSS (payment cards) in Nevada & Washington ◮ A variant of ISO 13485 (medical devices) in Mexico ◮ . . . Problems Mandatory standards can introduce limitations to competitivity due to stringent requirements that may limit the target market. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 8 / 33

  16. Two types of requirements Organizational ◮ Concerns the structure of the enterprise or the business processes ◮ May introduce specific roles ◮ May introduce specific activities ◮ May introduce specific timings ◮ May depend on enterprise size and type Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 9 / 33

  17. Two types of requirements Organizational ◮ Concerns the structure of the enterprise or the business processes ◮ May introduce specific roles ◮ May introduce specific activities ◮ May introduce specific timings ◮ May depend on enterprise size and type Technical ◮ Concerns specific activities to be put into place ◮ Depend on the technical state of the art ◮ By means of a relatio ◮ May or may not evolve in time ◮ Formal or substantive relatio ◮ May exclude from damage liability ◮ May be integrated into the SDLC Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 9 / 33

  18. Outline 1 Legal requirements 2 The Software Development Life Cycle 3 Legal requirements in the SDLC 4 Putting it all together Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 10 / 33

  19. SDLC concept Figure: Stages of the SDLC. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 11 / 33

  20. SDLC structures Figure: The waterfall model. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 12 / 33

  21. SDLC structures (2) Figure: The V-model. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 13 / 33

  22. SDLC structures (3) Figure: The spiral model. Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 14 / 33

  23. Dealing with requirements ◮ Formal definition ◮ Representation (model) ◮ Implementation (measures) ◮ Assessment (metrics) ◮ Monitoring Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 15 / 33

  24. Outline 1 Legal requirements 2 The Software Development Life Cycle 3 Legal requirements in the SDLC 4 Putting it all together Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 16 / 33

  25. One objective, many solutions ◮ SDLC extension with legal requirements can happen in many ways ◮ Different methodologies for each SDLC stage ◮ Also depend on the software engineering approaches used ◮ Just a few guidelines Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 17 / 33

  26. Definition ◮ Definition written in legal language ◮ Especially when the source is the law ◮ Standards and contracts may give an easier time ◮ Many possible technical definitions ◮ Only partial overlap between legal and technical definitions ◮ Definition must be interpreted ◮ May differ depending on interpretation Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 18 / 33

  27. Definition ◮ Definition written in legal language ◮ Especially when the source is the law ◮ Standards and contracts may give an easier time ◮ Many possible technical definitions ◮ Only partial overlap between legal and technical definitions ◮ Definition must be interpreted ◮ May differ depending on interpretation Examples Service, cloud, database, file, request. . . Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 18 / 33

  28. More than words ◮ Affects all of the following stages ◮ Model ◮ Implementation ◮ Metrics ◮ Taken from literature or ad hoc ◮ May require feedback from later stages. . . ◮ . . . if it proves too problematic to use ◮ . . . if the scope is too broad or too narrow ◮ . . . if it is not useful enough Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 19 / 33

  29. Formal definition Natural language Ontologies Cesare Bartolini, Gabriele Lenzini (SnT)Law and the software development life cycle November 25, 2017 20 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

200711473 Software life cycle SDD within the life cycle SDD

200711473 Software life cycle SDD within the life cycle SDD

200711473 Software life cycle SDD within the life cycle SDD within the life cycle Purpose of an SDD - Period of time that starts when a software product is conceived and ends. -The life cycle approach is an

1.12k views • 28 slides
Software Development Faculty of Computer Science Dalhousie University Life Cycle Winter

Software Development Faculty of Computer Science Dalhousie University Life Cycle Winter

CSCI 2132: Software Development Norbert Zeh Software Development Faculty of Computer Science Dalhousie University Life Cycle Winter 2019 Software Development Life Cycle (SDLC) General term that describes structure imposed on the

424 views • 7 slides
1 If it's not merely programming Life Cycle What is it? Software life cycle Life Cycle

1 If it's not merely programming Life Cycle What is it? Software life cycle Life Cycle

Announcements CSE 403, Software Engineering Quiz section will be held in CSE 305 Lecture 2 Software Life Cycle Project Schedule Writing assignment Preliminary Design, April 15 Due Monday, 1:30 pm, April 4 Preliminary Release,

162 views • 4 slides
CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 5-Oct-2018 (14) CSCI 2132 1 Previous Lecture (Fire Alarm) Integer and

621 views • 18 slides
Software Life Cycle Chapter 12, Outline Software Life Cycle Waterfall model and its

Software Life Cycle Chapter 12, Outline Software Life Cycle Waterfall model and its

Object-Oriented Software Engineering Conquering Complex and Changing Systems Software Life Cycle Chapter 12, Outline Software Life Cycle Waterfall model and its problems Pure Waterfall Model V-Model Sawtooth Model

595 views • 47 slides
Software Development Life Cycle Models Ppt Presentation The classical software lifecycle models

Software Development Life Cycle Models Ppt Presentation The classical software lifecycle models

Software Development Life Cycle Models Ppt Presentation The classical software lifecycle models the software development as a step-by-step waterfall between the various development phases. Maintenance. Testing. Place of Testing in Software

293 views • 4 slides
Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a life cycle

Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a life cycle

Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a life cycle model of software development? What is the traditional life cycle model? LOT2 V-Model development & testing Customer Acceptance

759 views • 45 slides
Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a

Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a

Levels of Testing Chapter 12 Beyond unit testing Life cycle models What is a life cycle model of software development? What is the traditional life cycle model? LOT2 V-Model development & testing

565 views • 35 slides
Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis

Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis

Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis Requirements elicitation Software specification High- and low-level design Implementation Testing and Verification Delivery

847 views • 51 slides
The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

Inception Software Communication Planning Increment The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling Andreas Zeller Saarland University Construction Transition Construction A Software Crisis

925 views • 74 slides
Strategies to Maximize the Security Efforts into the Agile Software Development Life Cycle Without

Strategies to Maximize the Security Efforts into the Agile Software Development Life Cycle Without

Strategies to Maximize the Security Efforts into the Agile Software Development Life Cycle Without Increasing the Headcount Anderson Maranho Ventura Dadario Information Security Flare Security, So Paulo, Brazil anderson@dadario.com.br

428 views • 3 slides
The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

Inception Software Communication Planning Increment The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling Andreas Zeller Saarland University Construction Transition Construction http:// Sign up!

341 views • 23 slides
The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling

Inception Software Communication Planning Increment The Software Life Cycle Elaboration Production Software Engineering Deployment Modelling Andreas Zeller Saarland University Construction Transition Construction Denver A

735 views • 24 slides
Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis

Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis

Intro to Life Cycle Analysis Intro to Life Cycle Analysis Intro to Life Cycle Analysis 2.83/2.813 2.83/2.813 2.83/2.813 Manufacturing End of Life Mining Use Phase References 1. Allen and Shonnard, Ch 13 1. Life Cycle Concepts Life

680 views • 54 slides
Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle

Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle

Intro to Life Cycle Analysis 2.83/2.813 Manufacturing End of Life Mining Use Phase Life Cycle Assessment LCA is a methodology to account for and assess the environmental impacts from all phases / stages of a product life cycle Mining

993 views • 72 slides
Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe

Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe

Engineering Engineering the the POlicy POlicy- -making making LIfe LIfe CYcle LIfe LIfe CYcle CYcle CYcle Objective ICT-2011.5.6 target a ICT solutions for Governance and Policy Modeling Duration 36 Months Proposal Number N 288147

650 views • 22 slides
Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012

Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012

Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012 Introduction to Censorship Freedom of Opinion and Expression The Universal Declaration of Human Rights states in Article 19 : Everyone has the right to

814 views • 33 slides
Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber Secur

471 views • 33 slides
UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op p U St tr re en ng gt th he en ni in ng g t th he e S St ta at ti is st ti ic ca al l C Ca ap pa ac ci it ty y o

902 views • 26 slides
Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2 0 1 2 Professor Abu Bakar Munir Faculty of Law , University of Malaya 7 Novem ber 2 0 1 2 1 Some of my books on ICT Law In Print Privacy and

721 views • 24 slides
Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA Snowbird 2004 Jim Foley, CRA Chair Andy Bernat, CRA Executive Director Good News we Have a Great Story to Tell Computing maps directly

998 views • 58 slides
The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Corresponding whitepaper

463 views • 18 slides
Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18% 16% 14% 12% 10% 8% 6% 4% 2% 0% 2012 2013 2014 2015 2016 2017 Source: M&G, BBC, Office for National Statistics, 21 November 2018 B

212 views • 4 slides
Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c https://www.mediapost.com/publications/article/312409/from-cyber-monday-to-cyber-month-the-broadening-o.html Amazon Holiday Traf fi c This is only a 12-day outlook! The peak is likely much

695 views • 38 slides

More recommend