Reference : A Framework to Reason about the Legal Compliance of Security Standards
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Multidisciplinary, general & others
Law / European Law
http://hdl.handle.net/10993/28786
English
Bartolini, Cesare [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Giurgiu, Andra [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Robaldo, Livio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Nov-2016
Proceedings of the Tenth International Workshop on Juris-informatics (JURISIN)
Yes
No
International
Tenth International Workshop on Juris-informatics (JURISIN)
from 14-11-2016 to 15-11-2016
Kanagawa
Japan
[en] Legal compliance ; Legal requirements ; Security standards ; General Data Protection Regulation
[en] Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards and best practices define specific objectives that can be certified by means of auditing procedures from qualified bodies. Implementing a standard does not per se guarantee legal compliance, with the rare exception when the standard is also endorsed by the law itself. But standards and laws in the same domain may have overlaps and correlations, so adopting the former may provide an argument to demonstrate that adequate measures were taken to achieve legal compliance. In this paper, we introduce a framework that, using state-of-the-art Natural Language Semantics techniques, helps process legal documents and standards to build a knowledge base to store their logic representations, and the correlations between them. The knowledge base will help legal experts assess what requirements of the law are met by the standard and, consequently, recognize what requirements still need to be implemented to fill the remaining gaps. An application of the framework is exemplified by comparing a provision of the European General Data Protection Regulation against the ISO/IEC 27001:2013 standard.
Researchers ; Professionals ; Others
H2020 ; 690974 - MIREL - MIREL - MIning and REasoning with Legal texts

File(s) associated to this reference

Fulltext file(s):

File: main.pdf; Version: Author postprint; Size: 510.56 kB; Access: Open access
