
Realizing Compliance Tactics to Support Authentication: Bridging the Gap between Software Architecture and Regulatory Requirements


Syeda Uzma Gardazi and Shehnila Zardari


Vol. 17, No. 5, pp. 337-345


Internationally, compliance is governed by the applicable information security regulations, e.g. HIPAA. Countries and regions such as the United States (US) and the European Union (EU) have set regulatory and standards requirements that must be met when information is exchanged internally or externally. Currently, a cybercrime bill has been passed by the National Assembly Standing Committee on IT; in the absence of a Data Protection Act, this is a reactive rather than a proactive approach. This paper suggests improvements to the existing Pakistani Data Protection Act 2005 draft, which should be published as a proactive approach to securing data within Pakistan. Further, the authors introduce a new approach to embodying e-Authentication architectural tactics in the software architecture, which will result in better compliance with the authentication requirements that regulations and standards place on information. The first step is a cross-mapping of multiple standards and rules to identify the various aspects of e-Authentication regulatory requirement compliance. Next, we address how the software architecture will treat the Authentication Compliance Attribute (CA) and Quality Attribute (QA). In addition, the impact of the CA on the QA is determined and evaluated using a WebEHR portal and Health Level Seven (HL7) case study.


PCI DSS, ISO 27001:2013, ISO 9001:2015, HIPAA, CMS, DEA, NIST, Pakistani Data Protection Act 2005 Draft, Authentication Assurance, Architectural Mechanism, HL7.