Mapping legal requirements to IT controls

Abstract

Information technology (IT) controls are reusable system requirements that IT managers, administrators and developers use to demonstrate compliance with international standards, such as the ISO 27000 series. Because controls are reusable, they tend to cover best practice independently of what specific government laws may require. However, because IT companies have already invested considerable effort in linking controls to their existing systems, aligning controls with regulations can yield important savings by avoiding noncompliance or unnecessary redesign. We report the results of a case study that aligns legal requirements from the U.S. and India governing healthcare systems with three popular control catalogues: NIST 800-53, ISO/IEC 27002:2009 and the Cloud Security Alliance CCM v1.3. The contributions include a repeatable protocol for mapping controls, heuristics that explain the types of mappings that may arise, and guidance for addressing incomplete mappings. © 2013 IEEE.

Citation (APA)

Breaux, T. D., Gordon, D. G., Papanikolaou, N., & Pearson, S. (2013). Mapping legal requirements to IT controls. In 2013 6th International Workshop on Requirements Engineering and Law, RELAW 2013 - Proceedings (pp. 11–20). IEEE Computer Society. https://doi.org/10.1109/RELAW.2013.6671341
