Towards Compliant Reference Architectures by Finding Analogies and Overlaps in Compliance Regulations

Eduardo B. Fernandez, Dereje Yimam

2015

Abstract

Business software is subject to a variety of regulations depending on the type of application. For example, software that handles medical records must follow HIPAA, software for financial applications must comply with Sarbanes-Oxley, and so on. A close examination of the policies included in those regulations shows that they have analogous and common aspects. Analogous parts of regulations can be expressed as Semantic Analysis Patterns (SAPs), which can lead to building similar parts in other regulations. Overlapping parts usually correspond to security patterns and can be used to add security to other regulations. If we collect SAPs and security patterns in a catalog, we can build reference architectures (RAs) for existing and new regulations. The resultant Compliant RAs (CRAs) can be used as guidelines for building compliant applications.



Paper Citation


in Harvard Style

B. Fernandez E. and Yimam D. (2015). Towards Compliant Reference Architectures by Finding Analogies and Overlaps in Compliance Regulations. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 435-440. DOI: 10.5220/0005575604350440

in Bibtex Style

@conference{secrypt15,
author={Eduardo B. Fernandez and Dereje Yimam},
title={Towards Compliant Reference Architectures by Finding Analogies and Overlaps in Compliance Regulations},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={435-440},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005575604350440},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Towards Compliant Reference Architectures by Finding Analogies and Overlaps in Compliance Regulations
SN - 978-989-758-117-5
AU - B. Fernandez E.
AU - Yimam D.
PY - 2015
SP - 435
EP - 440
DO - 10.5220/0005575604350440