Journal title: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2017
Volume: 17
Issue: 5
Pages: 337-345
Publisher: International Journal of Computer Science and Network Security
Abstract: Internationally, compliance is controlled by applicable information security regulations, e.g. HIPAA. Countries, e.g. the United States (US) and the European Union (EU) etc., have set regulatory and standard requirements to be met for the exchange of information internally or externally. Currently, a cybercrime bill has been passed by the National Assembly Standing Committee on IT, which is a reactive approach rather than a proactive approach in the absence of a Data Protection Act. This paper suggests improvements to the existing Pakistani Data Protection Act 2005 draft, which should be published as a proactive approach to secure data within Pakistan. Further, the authors introduced a new approach to embodying e-Authentication architectural tactics at the software architecture level. It will result in better compliance with the authentication requirements of regulations and standards for information. The first step is cross-mapping of multiple standards and rules to identify various aspects of e-Authentication regulatory requirement compliance. Next, we have addressed how software architecture will treat the Authentication Compliance Attribute (CA) and Quality Attribute (QA). In addition, the impact of CA on QA is also determined and evaluated using a WebEHR portal and Health Level Seven (HL7) case study.
Keywords: PCI DSS; ISO 27001:2013; ISO 9001:2015; HIPAA; CMS; DEA; NIST; Pakistani Data Protection Act 2005 Draft; Authentication Assurance; Architectural Mechanism; HL7.