{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,28]],"date-time":"2024-03-28T04:41:59Z","timestamp":1711600919913},"reference-count":27,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,7,1]]},"abstract":"
Common Criteria and ISO 27001\/IT-Grundschutz are well-acknowledged evaluation standards for the security of IT systems and the organisations they are embedded in. These standards take a technical point of view. In legally sensitive areas, however, such as the processing of personal information or online voting, compliance with the legal specifications is of high importance for the users\u2019 trust in an IT system and thus for the success of this system. This article shows how standards for the evaluation of IT security may be integrated with the KORA approach for law-compatible technology design to the benefit of both: increasing confidence in IT systems and their conformity with the law on the one hand, and a concrete possibility for legal requirements to be integrated into technology design from the start on the other. The soundness of this interdisciplinary work is presented in an exemplary application to online voting.","DOI":"10.4018\/jisp.2013070102","type":"journal-article","created":{"date-parts":[[2013,11,25]],"date-time":"2013-11-25T22:03:47Z","timestamp":1385417027000},"page":"16-35","source":"Crossref","is-referenced-by-count":7,"title":["Holistic and Law Compatible IT Security Evaluation"],"prefix":"10.4018","volume":"7","author":[{"given":"Daniela","family":"Simi\u0107-Draws","sequence":"first","affiliation":[{"name":"Institut f\u00fcr Wirtschafts- und Verwaltungsinformatik, Universit\u00e4t Koblenz-Landau, Koblenz, Germany"}]},{"given":"Stephan","family":"Neumann","sequence":"additional","affiliation":[{"name":"Center for Advanced Security Research Darmstadt, Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"Anna","family":"Kahlert","sequence":"additional","affiliation":[{"name":"Projektgruppe verfassungsvertr\u00e4gliche Technikgestaltung (Provet), Universit\u00e4t Kassel, Kassel, Germany"}]},{"given":"Philipp","family":"Richter","sequence":"additional","affiliation":[{"name":"Projektgruppe 
verfassungsvertr\u00e4gliche Technikgestaltung (Provet), Universit\u00e4t Kassel, Kassel, Germany"}]},{"given":"R\u00fcdiger","family":"Grimm","sequence":"additional","affiliation":[{"name":"Institut f\u00fcr Wirtschafts- und Verwaltungsinformatik, Universit\u00e4t Koblenz-Landau, Koblenz, Germany"}]},{"given":"Melanie","family":"Volkamer","sequence":"additional","affiliation":[{"name":"Center for Advanced Security Research Darmstadt, Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"Alexander","family":"Ro\u00dfnagel","sequence":"additional","affiliation":[{"name":"Projektgruppe verfassungsvertr\u00e4gliche Technikgestaltung (Provet), Universit\u00e4t Kassel, Kassel, Germany"}]}],"member":"2432","reference":[{"key":"jisp.2013070102-0","doi-asserted-by":"crossref","unstructured":"Beckers, K., Fa\u00dfbender, S., K\u00fcster, J.-C., & Schmidt, H. (2012a). A pattern-based method for identifying and analyzing laws. In B. Regnell & D. Damian (Eds.), Proceedings of the International Working Conference on Requirements Engineering: Foundation for Software Quality 2012: Volume 7195 Lecture Notes in Computer Science (pp. 256-262). Wiesbaden, Germany: Springer.","DOI":"10.1007\/978-3-642-28714-5_23"},{"key":"jisp.2013070102-1","doi-asserted-by":"crossref","unstructured":"Beckers, K., Fa\u00dfbender, S., & Schmidt, H. (2012b). An integrated method for pattern-based elicitation of legal requirements applied to a cloud computing example. In Proceedings of the Seventh International Conference on Availability, Reliability and Security (ARES 2012) (pp. 463-472). IEEE Computer Society.","DOI":"10.1109\/ARES.2012.25"},{"key":"jisp.2013070102-2","doi-asserted-by":"crossref","unstructured":"Br\u00e4unlich, K., Richter, P., Grimm, R., & Ro\u00dfnagel, A. (2011). Verbindung von CC-Schutzprofilen mit der Methode rechtlicher IT-Gestaltung KORA \u2013 Anwendungsbeispiel: Wahlgeheimnis. 
Datenschutz und Datensicherheit, 129-135.","DOI":"10.1007\/s11623-011-0033-y"},{"key":"jisp.2013070102-3","doi-asserted-by":"crossref","unstructured":"Breaux, T., & Ant\u00f3n, A. (2005a). Analyzing goal semantics for rights, permission, and obligations. In Proceedings of the 13th IEEE International Conference on Requirements Engineering (RE '05). (pp. 177-186). IEEE Computer Society.","DOI":"10.1109\/RE.2005.12"},{"key":"jisp.2013070102-4","unstructured":"Breaux, T., & Ant\u00f3n, A. (2005b). Deriving semantic models from privacy policies. In POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (pp. 67-76). IEEE Computer Society."},{"key":"jisp.2013070102-5","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70746"},{"key":"jisp.2013070102-6","unstructured":"Breaux, T., Vail, M., & Ant\u00f3n, A. (2008). Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations. In B. Paech & C. Rolland (Eds.) Requirements Engineering, 14th IEEE International Conference (pp. 46-55). Wiesbaden, Germany: Springer."},{"key":"jisp.2013070102-7","year":"2008","journal-title":"IT-Grundschutz Methodology, BSI Standard 100-2 (Version 2.0 Mai 2008)"},{"key":"jisp.2013070102-8","year":"2008","journal-title":"Risk analysis based on IT-Grundschutz, BSI Standard 100-3 (Version 2008)"},{"key":"jisp.2013070102-9","unstructured":"CEM (2009). Common methodology for information technology security evaluation (Version 3.1 Revision 3, 2009)."},{"key":"jisp.2013070102-10","unstructured":"German Federal Constitutional Court (BVerfGE, 1983). Decisions of the German Federal Constitutional Court, 65, 1 (43)."},{"key":"jisp.2013070102-11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-78109-4"},{"key":"jisp.2013070102-12","doi-asserted-by":"crossref","unstructured":"Hoffmann, A., Schulz, T., Hoffmann, H., Jandt, S., Ro\u00dfnagel, A., & Leimeister, J. (2012). 
Towards the use of software requirement patterns for legal requirements. In Svensson et al. (Eds.) 2nd International Requirements Engineering Efficiency Workshop (REEW) at REFSQ 2012 (ICB-Research Report No. 52). (pp. 50-61). Essen, Germany: Universit\u00e4t Duisburg-Essen.","DOI":"10.2139\/ssrn.2484455"},{"key":"jisp.2013070102-13","author":"S.Idecke-Lux","year":"2000","journal-title":"Der Einsatz von multimedialen Dokumenten bei der Genehmigung von neuen Anlagen nach dem Bundesimmissionsschutz-Gesetz"},{"key":"jisp.2013070102-14","year":"2005","journal-title":"ISO\/IEC 27001: Information technology \u2013 Security techniques \u2013 Specification for an Information Security Management System"},{"key":"jisp.2013070102-15","year":"2009","journal-title":"ISO\/IEC 15408: Common criteria for information technology security evaluation, Part 1 \u2013 3 (Version 3.1, Revision 3)"},{"key":"jisp.2013070102-16","author":"P.Laue","year":"2009","journal-title":"Vorgangsbearbeitung in der \u00f6ffentlichen Verwaltung"},{"key":"jisp.2013070102-17","unstructured":"Morlok, M. (2006). Art. 38 GG. In Dreier (Ed.), Grundgesetz-Kommentar. T\u00fcbingen, Germany: Mohr Siebeck."},{"key":"jisp.2013070102-18","author":"U.Pordesch","year":"2003","journal-title":"Die elektronische Form und das Pr\u00e4sentationsproblem"},{"key":"jisp.2013070102-19","doi-asserted-by":"publisher","DOI":"10.5771\/9783845243450"},{"key":"jisp.2013070102-20","unstructured":"Ro\u00dfnagel, A. (1997). Der Nachweis von Sicherheit im Anlagenrecht \u2013 Am Beispiel von deterministischen und probabilistischen Sicherheitsnachweisen im Atomrecht. 
Die \u00d6ffentliche Verwaltung, 801 \u2013 810."},{"key":"jisp.2013070102-21","first-page":"381","article-title":"Rechtswissenschaftliche Gestaltung von Informationstechnik","author":"A.Ro\u00dfnagel","year":"2008","journal-title":"Wissen, Vernetzung, Virtualisierung"},{"key":"jisp.2013070102-22","first-page":"41","article-title":"Das Gebot der Datenvermeidung und -sparsamkeit als Ansatz wirksamen technikbasierten Pers\u00f6nlichkeitsschutzes?","author":"A.Ro\u00dfnagel","year":"2011","journal-title":"Innovation, Recht und \u00f6ffentliche Kommunikation (Sonderdruck) \u2013 Innovation und Recht IV"},{"key":"jisp.2013070102-23","unstructured":"Ro\u00dfnagel, A., & Neuser, U. (2006). Die rechtliche Festlegung von Risikogrenzwerten. Zeitschrift f\u00fcr Umwelt- und Planungsrecht, 125-131."},{"key":"jisp.2013070102-24","author":"P.Scholz","year":"2003","journal-title":"Datenschutz beim Interneteinkauf \u2013 Gef\u00e4hrdungen \u2013 Anforderungen \u2013 Gestaltungen"},{"key":"jisp.2013070102-25","author":"M.Schwenke","year":"2006","journal-title":"Individualisierung und Datenschutz\u2013 Rechtskonformer Umgang mit personenbezogenen Daten im Kontext der Individualisierung"},{"key":"jisp.2013070102-26","author":"T.Stadler","year":"2006","journal-title":"Mobiles Bezahlen \u2013 Die rechtsvertr\u00e4gliche Gestaltung mobiler Bezahlverfahren in Deutschland"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=95140","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T17:56:22Z","timestamp":1654106182000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jisp.2013070102"}},"subtitle":["Integration of Common Criteria, ISO 27001\/IT-Grundschutz and 
KORA"],"short-title":[],"issued":{"date-parts":[[2013,7,1]]},"references-count":27,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,7]]}},"URL":"http:\/\/dx.doi.org\/10.4018\/jisp.2013070102","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":["Information Systems"],"published":{"date-parts":[[2013,7,1]]}}}