How can we identify risks related to software development? The RASEN research project focuses on information security and legal risk management.
About the project
The RASEN project will develop a methodology for legal risk management that can be integrated with security risk assessments. By integrating a focus on legal risks, in addition to security risks, this methodology will take into account a broader set of issues than in traditional security risk analyses.
The legal researchers will focus on legal risk assessments in relation to fairly concrete industrial case studies defined by industrial partners in RASEN. Each case study focuses on distinct legal issues that are triggered by the specific context of the respective case. Amongst the use cases developed in the project, two have concrete legal implications. First, a case study focusing on eHealth applications for hospitals triggers a set of legal rules applicable to the processing of health data, which is considered sensitive under applicable data protection laws. Second, a case study on financial services used on tablet computers triggers specific security requirements applicable to financial services.
Security is a matter of priority in the context of software development. In order to achieve an acceptable level of security, software developers usually use a combination of risk analysis and security testing. However, security requirements do not exist in a vacuum; they are often related to legal requirements in the applicable law.
It will often be relevant to ascertain whether the development and use of certain software in fact complies with legal requirements. However, legal requirements may come from a variety of sources and may be at different levels of specificity. Thus, ascertaining whether software complies with legal requirements may not be trivial, and it may require an in-depth legal analysis of how the software is developed and how it is planned to be used.
The project consortium consists of the following partners:
- SINTEF ICT, Norway http://www.sintef.no/home/Information-and-Communication-Technology-ICT/
- Fraunhofer Fokus, Germany http://www.fokus.fraunhofer.de
- University of Oslo (NRCCL), Norway
- smartesting, France http://www.smartesting.com
- Software AG, Germany http://www.softwareag.com
- infoworld, Romania http://www.infoworld.ro