Maxwell et al., (2011) also conducts a cross- 
reference  approach  for  identifying  conflicting 
software requirements. Their work revealed that rules 
and laws are  easier to handle, and the reputation of 
the  company  depends  on  the  rules  and  regulation 
which are followed. On the other hand, this can lead 
to  an  increase  in  costs,  because  system  laws  have 
overloads.  
Furthermore,  Schon  et  al.,  (2017)  investigates 
agile software development, and discovers that rapid 
changing  in  requirements  can  be  easy  to  handle, 
whilst on the other hand, there are more complexities 
because a hybrid development model is used.      
7  CONCLUSION 
In this paper, we outline the need to identify conflicts 
between requirements and to have a suitable tool to 
resolve  such  conflicts.  The  ConfIS  framework  has 
been  presented  for  identifying  conflicts  between 
security and privacy requirements. ConfIS allows the 
analyst to deal with the potential conflicts that may be 
discovered later and has been applied to a case study 
from  the  DEFeND  project.  Lastly,  we  demonstrate 
the phases of ConfIS step-by-step, to investigate how 
it helps  the  analyst to identify  and  resolve  conflicts 
via a supporting tool. 
ACKNOWLEDGMENTS  
The  DEFeND  project  received  funding  from  the 
European  Union’s  Horizon  2020  research  and 
innovation  programme  under  grant  agreement  No. 
787068. 
REFERENCES 
Albrecht,  J.  P.  (2016).  How  the  GDPR  will  change  the 
world. Eur. Data Prot. L. Rev., 2, 287. 
Aldekhail,  M.,  Chikh,  A.,  &  Ziani,  D.  (2016).  Software 
requirements  conflict  identification:  review  and 
recommendations.  Int  J  Adv  Comput  Sci  Appl 
(IJACSA), 7(10), 326. 
Alkubaisy,  D.  (2017,  May).  A  framework  managing 
conflicts between security and privacy requirements. In 
2017  11th  international  conference  on  research 
challenges  in  information  science  (RCIS)  (pp.  427-
432). IEEE. 
Alkubaisy,  D.,  Cox,  K.,  &  Mouratidis,  H.  (2019,  May). 
Towards  Detecting  and  Mitigating  Conflicts  for 
Privacy  and  Security  Requirements.  In  2019  13th 
International  Conference  on  Research  Challenges  in 
Information Science (RCIS) (pp. 1-6). IEEE. 
Bhavsar,  R.,  Thakkar,  A.,  Sanghavi,  P.,  &  Tanwar,  S. 
(2019). Resolving conflicts in requirement engineering 
through  agile  software  development:  A  comparative 
case study. In  International  Conference  on Innovative 
Computing  and  Communications  (pp.  349-357). 
Springer, Singapore. 
Botha,  J.,  Grobler,  M.,  &  Eloff,  M.  (2017,  June).  Global 
Data  Breaches  Responsible  for  the  Disclosure  of 
Personal  Information:  2015  &  2016.  In  European 
Conference on Cyber Warfare and Security (pp. 63-72). 
Academic Conferences International Limited. 
Camenisch,  J.,  &  Lysyanskaya,  A.  (2001,  May).  An 
efficient  system  for  non-transferable  anonymous 
credentials  with  optional  anonymity  revocation.  In 
International conference on the theory and applications 
of  cryptographic  techniques  (pp.  93-118).  Springer, 
Berlin, Heidelberg. 
Egyed, A., & Boehm, B. (1998, July). 4.5. 3 A Comparison 
Study  in  Software  Requirements  Negotiation.  In 
INCOSE International Symposium (Vol. 8, No. 1, pp. 
666-674). 
Farrell, S. "Nearly 157,000 had data breached in TalkTalk 
cyber-attack."  (2015).  Available  at:  https://www.the 
guardian.com/business/2015/nov/06/nearly-157000-
had-data-breached-in-talktalk-cyber-attack  [Accessed: 
15 May 2017]. 
Horkoff, J., Aydemir, F. B., Cardoso, E., Li, T., Maté, A., 
Paja,  E.,  &  Giorgini,  P.  (2019).  Goal-oriented 
requirements  engineering:  an  extended  systematic 
mapping study. Requirements Engineering, 24(2), 133-
160. 
Kim,  M.,  Park,  S.,  Sugumaran,  V.,  &  Yang,  H.  (2007). 
Managing  requirements  conflicts  in  software  product 
lines:  A  goal  and  scenario  based  approach.  Data  & 
Knowledge Engineering, 61(3), 417-432. 
Van  Lamsweerde,  A.,  Darimont,  R.,  &  Letier,  E. (1998). 
Managing  conflicts  in  goal-driven  requirements 
engineering.  IEEE  transactions  on  Software 
engineering, 24(11), 908-926. 
Liu,  L.,  Yu,  E.,  &  Mylopoulos,  J.  (2003,  September). 
Security  and  privacy  requirements  analysis  within  a 
social setting. In Proceedings. 11th IEEE International 
Requirements Engineering Conference, 2003. (pp. 151-
161). IEEE. 
Maguire,  M.  (2001).  Methods  to  support  human-centred 
design.  International  journal  of  human-computer 
studies, 55(4), 587-634. 
Mairiza,  D.,  Zowghi,  D.,  &  Nurmuliani,  N.  (2010). 
Towards  a  Catalogue  of  Conflicts  Among  Non-
functional Requirements. ENASE, 2010, 20-29. 
Mairiza, Dewi, et al. (2013). "Conflict characterization and 
analysis  of  non-functional  requirements:  An 
experimental  approach."  Intelligent  Software 
Methodologies, Tools and Techniques (SoMeT), 2013 
IEEE 12th International Conference on. IEEE. 
Maxwell, J. C., Antón, A. I., & Swire, P. (2011, August). A 
legal  cross-references  taxonomy  for  identifying 
conflicting software requirements. In 2011 IEEE 19th