May 1, 2013

CERIAS Security Seminar Series Talk


At the end of March, I spoke at Purdue’s CERIAS Security Seminar Series, which has actually been around since I was an undergrad at Purdue. I’ve been watching it ever since. (My roommate at Purdue, Alex Russell, introduced me to the series, and I owe him a debt of gratitude for this.) The series itself is available on iTunes and through RSS. It’s worth subscribing.

My talk was about Regulatory Compliance Software Engineering, and it is a somewhat simplified version of my dissertation defense. Here’s the abstract:

Laws and regulations safeguard citizens’ security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no understanding of software engineering. This presentation introduces the field of Regulatory Compliance Software Engineering and discusses a particular research concern within that field: How can we help software engineers seeking to assess whether security and privacy requirements for EHR systems are legally compliant?

You can download the video from Purdue or watch an embedded version of it below. Please contact me if you have questions or just want to let me know what you thought of it!

If you would like to follow along with the slides, you can find them here: