Secure Web Application Development and Global Regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today's global, information-rich civilizations. Many societies have basic operational economic components that depend on Web-enabled systems in order to support daily commercial activities. The acceptance of e-commerce as a valid channel for conducting business, coupled with societal integration and dependence on Web-enabled technology, has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is a high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is support for the idea that legislative compatibility, in concert with an organization's policy compatibility, needs to be acknowledged in secure Web application development methodologies.
