{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:45:06Z","timestamp":1760586306894},"reference-count":32,"publisher":"Elsevier BV","issue":"14","license":[{"start":{"date-parts":[[2003,11,1]],"date-time":"2003-11-01T00:00:00Z","timestamp":1067644800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information and Software Technology"],"published-print":{"date-parts":[[2003,11]]},"DOI":"10.1016\/s0950-5849(03)00095-8","type":"journal-article","created":{"date-parts":[[2003,9,12]],"date-time":"2003-09-12T05:06:58Z","timestamp":1063343218000},"page":"967-977","source":"Crossref","is-referenced-by-count":33,"title":["Precluding incongruous behavior by aligning software requirements with security and privacy policies"],"prefix":"10.1016","volume":"45","author":[{"given":"Annie I","family":"Ant\u00f3n","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julia B","family":"Earp","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryan A","family":"Carter","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/S0950-5849(03)00095-8_BIB2","series-title":"E-Commerce Security and Privacy","first-page":"29","article-title":"Strategies for developing policies and requirements for secure electronic commerce systems","author":"Ant\u00f3n","year":"2001"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB3","article-title":"The NCSU e-commerce studio: supporting multidisciplinary project driven development for secure systems","volume":"June","author":"Ant\u00f3n","year":"2002","journal-title":"NCISSE"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB4","first-page":"138","article-title":"The role of policy and privacy values in requirements engineering","author":"Ant\u00f3n","year":"2001","journal-title":"IEEE fifth International Symposium on RE, 27\u201331 August"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB5","article-title":"Analyzing web site privacy requirements using a privacy goal taxonomy","volume":"September","author":"Ant\u00f3n","year":"2002","journal-title":"10th Anniversary IEEE Joint RE Conference"},{"issue":"1","key":"10.1016\/S0950-5849(03)00095-8_BIB6","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/MS.2003.1159030","article-title":"Misuse cases: use cases with hostile intent","volume":"20","author":"Alexander","year":"2003","journal-title":"IEEE Software"},{"issue":"1","key":"10.1016\/S0950-5849(03)00095-8_BIB7","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/291469.291479","article-title":"Action research","volume":"42","author":"Avison","year":"1999","journal-title":"Communications of the ACM"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB8","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1109\/ICSE.1998.671112","article-title":"The use of goals to surface requirements for evolving systems","author":"Ant\u00f3n","year":"1998","journal-title":"International Conference on Software Engineering, 19\u201325 April"},{"issue":"4","key":"10.1016\/S0950-5849(03)00095-8_BIB9","doi-asserted-by":"crossref","first-page":"481","DOI":"10.2307\/249565","article-title":"Controlling prototype development through risk analysis","volume":"20","author":"Baskerville","year":"1996","journal-title":"MIS Quarterly"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB10","first-page":"94","article-title":"Evolving beyond requirements creep: a risk based evolutionary prototyping model","volume":"August","author":"Carter","year":"2001","journal-title":"IEEE International Symposium on Requirements Engineering"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB11","first-page":"234","article-title":"Dealing with security requirements during the development of information systems","author":"Chung","year":"1993","journal-title":"Fifth International Conference on Advanced Information Systems Engineering (CAiSE'93), Paris, France"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB13","unstructured":"M.J. Culnan, Georgetown Internet Privacy Policy Survey: Report to the Federal Trade Commission. Georgetown University, The McDonough School of Business, 1999."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB14","article-title":"Network+: guide to networks","author":"Dean","year":"2000","journal-title":"Course Technology"},{"issue":"12","key":"10.1016\/S0950-5849(03)00095-8_BIB15","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1145\/290133.290149","article-title":"Adapting traceability environments to project-specific needs","volume":"41","author":"D\u00f6mges","year":"1998","journal-title":"Communications of the ACM"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB17","article-title":"The integration of safety and security requirements","author":"Eames","year":"1999","journal-title":"Safecomp '99, Toulouse, France, 27\u201329 September"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB18","unstructured":"European Union, The European Union Directive 95\/46\/EC: On The Protection Of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data, February 20, 1995, Last accessed on March 17, 2003 at http:\/\/www.privacy.org\/pi\/intl_orgs\/ec\/eudp.html."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB19","unstructured":"The Code of Fair Information Practices, US Department of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens, viii, 1973."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB20","unstructured":"Privacy Online: A Report to Congress, Federal Trade Commission, June 1998."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB21","unstructured":"Privacy Online: Fair Information Practices in the Electronic Marketplace, A Report to Congress, Federal Trade Commission, 2000."},{"issue":"4","key":"10.1016\/S0950-5849(03)00095-8_BIB22","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1023\/A:1008617922496","article-title":"AbstFinder, a prototype natural language text abstraction finder for use in requirements elicitation'","volume":"4","author":"Goldin","year":"1997","journal-title":"Automated Software Engineering"},{"issue":"5","key":"10.1016\/S0950-5849(03)00095-8_BIB23","first-page":"63","article-title":"The house of quality","volume":"32","author":"Hauser","year":"1988","journal-title":"Harvard Business Review"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB24","series-title":"Software Requirements and Specifications","author":"Jackson","year":"1995"},{"issue":"9","key":"10.1016\/S0950-5849(03)00095-8_BIB25","first-page":"65","article-title":"Myths in organisational action research: reflections on a study of computer-supported process redesign groups","volume":"4","author":"Kock","year":"1997","journal-title":"Organizations and Society"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB26","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1146\/annurev.soc.24.1.183","article-title":"Social dilemmas: the anatomy of cooperation","volume":"24","author":"Kollock","year":"1998","journal-title":"Annual Review of Sociology"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB27","first-page":"249","article-title":"Goal-oriented requirements engineering: a guided tour","author":"van Lamsweerde","year":"2001","journal-title":"Fifth International Symposium on Requirements Engineering, 27\u201331 August"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB28","doi-asserted-by":"crossref","first-page":"350","DOI":"10.1109\/HICSS.1997.663407","article-title":"Developing internet security policy for organizations","volume":"4","author":"Lichtenstein","year":"1997","journal-title":"30th Hawaii International Conference on System Sciences"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB29","series-title":"Requirements and Policies","author":"Moffett","year":"1999"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB30","unstructured":"Policy Framework for Interpreting Risk in eCommerce Security, CERIAS Technical Report, Purdue University, 1999."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB31","doi-asserted-by":"crossref","first-page":"515","DOI":"10.1016\/0167-4048(91)90076-P","article-title":"A framework for security requirements","volume":"10","author":"Pfleeger","year":"1991","journal-title":"Computers and Security"},{"issue":"12","key":"10.1016\/S0950-5849(03)00095-8_BIB34","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1145\/290133.290147","article-title":"Factors influencing requirements traceability practice","volume":"41","author":"Ramesh","year":"1998","journal-title":"Communications of the ACM"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB35","unstructured":"Scenario Management and Requirements Tool, http:\/\/tigger.csc.ncsu.edu\/~smart\/."},{"key":"10.1016\/S0950-5849(03)00095-8_BIB36","series-title":"Eliciting security requirements by misuse cases","author":"Sindre","year":"2000"},{"key":"10.1016\/S0950-5849(03)00095-8_BIB37","series-title":"Security policy management for networked information systems","author":"Trcek","year":"2000"}],"container-title":["Information and Software Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584903000958?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0950584903000958?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,2,24]],"date-time":"2019-02-24T18:29:39Z","timestamp":1551032979000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584903000958"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,11]]},"references-count":32,"journal-issue":{"issue":"14","published-print":{"date-parts":[[2003,11]]}},"alternative-id":["S0950584903000958"],"URL":"https:\/\/doi.org\/10.1016\/s0950-5849(03)00095-8","relation":{},"ISSN":["0950-5849"],"issn-type":[{"value":"0950-5849","type":"print"}],"subject":[],"published":{"date-parts":[[2003,11]]}}}