Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alberto Siena. GORE focuses on stakeholders and their goals Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off,

Published byGrayson Bunt Modified over 10 years ago

Similar presentations

Presentation on theme: "Alberto Siena. GORE focuses on stakeholders and their goals Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off,"— Presentation transcript:

1 Alberto Siena

2 GORE focuses on stakeholders and their goals Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off, risk, security, …) and match stakeholders needs

3 New laws, increased pervasiveness of IS Laws are increasingly source of requirements However law prescriptions are NOT stakeholders goals Stakeholders want goals, whereas law prescriptions are imposed to stakeholders Law prescriptions can contraddict goals

4 The act adhering to, and demonstrating adherence to, a standard or regulation (wikipedia) Recovery-time Requirements-time Run-time Can be proved here Exists here Is conceived here (adhering to) (demonstrating adherence to) Compliance

5 Phase of the system (-to-be) Compliance characteristicsCompliance type Requirements- time Distribution of responsibilities, such that, if every actor fulfils its goals, then the compliance is ensured Intentional compliance Run-timeRun-time set of actions and processes that actually represent the legal condition for compliance Actual compliance Recovery-timeProved compliance or set of recovery actions that restore the run-time compliance after a violation has been detected Strong compliance

6 Framework for systematically go from law prescriptions to requirements. Nomos = A language + a method + a set of properties (e.g., intentional compliance) It allows to Reason about how requirements are generated (select among alternatives) Check properties of requirements models wrt. laws

7 Properties concern the interaction between goals and laws Needed: languages for modeling The models of G and L must be consistent with each other! Requirements (G): i*Laws (L): Nomos

8 Hohfelds taxonomy of legal concepts (1913) Milestone in juridical literature Rights are the core concepts Rights are entitlement (not) to perform certain actions or be in certain states, or entitlements that others (not) perform certain actions or be in certain states W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.

9 8 fundamental rights: Privilege, Claim, No-claim, Duty, Power, Liability, Immunity, Disability Opposites and correlatives

10 A legal text can be subdivided into smaller legal statements, called Normative Propositions (NP) Each NP carries the atomic piece of information about a single right NP =,,, A hard formalization is given by Sartor Maps rights to deontic operators

11

12 Health Insurance Portability and Accountability Act (HIPAA), art. §164.502(a): A CE may not use or disclose PHI NP = (CE, Individual, claim, Dont disclose PHI)

13 HIPAA, art. §164.502: (a) A CE may not use or disclose PHI, except as permitted or required by this subpart [...] (1) A covered entity is permitted to use or disclose PHI [...] (i) To the individual; […] (2) A CE is required to disclose PHI: (i) To an individual, when requested [...]; and (ii) When required by the Secretary.

14

15

16 To deal with: conditions, exceptions, etc., that exist in law texts Relative approach rather than absolute approach

17

18

19 Building block for aggregate (intentional) compliance Uses the realization relation between goal and NP Changes according to the nature of the right

20 Many compliance alternatives Many compliance preferences Many compliance degrees Many compliance alternatives Many compliance preferences Many compliance degrees

21 1. Bind domain stakeholders with subjects addressed by law 2. Identify legal alternatives 3. Select the normative proposition to realize 4. Identify potential realizations of normative propositions 5. Identify legal risks 6. Identify proof artifacts 7. Constrain delegation of goals to other actors

22 Traceability Documentability Legal risk identifiability Protected across organizational interactions (delegations)

23

24

25

26

27 W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913. Giovanni Sartor. Fundamental legal concepts: A formal and teleological characterisation. Articial Intelligence and Law, 14(1-2):101–142, April 2006. Alberto Siena, John Mylopoulos, Anna Perini, and Angelo Susi. The Nomos framework: Modelling requirements compliant with laws. Technical Report TR-0209-SMSP, FBK – Irst, http://disi.unitn.it/asiena/files/TR- 0209- SMSP.pdf, 2009. http://disi.unitn.it/asiena/files/TR- 0209- SMSP.pdf

28

Download ppt "Alberto Siena. GORE focuses on stakeholders and their goals Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off,"

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

Similar presentations

Ads by Google