IMPROVING SECURITY AND PRIVACY REQUIREMENT FOR BUSINESS REGISTRATION SYSTEM (BRS)

This paper explains the security and privacy requirement in Business Registration System (BRS) hosted at a government institution. These requirements will be used in an improvement for the system security and privacy requirement in BRS


INTRODUCTION
Security is about prevention of several difficulties due to the presence of attackers performing malicious activities and software security is definitely a complex task due to several reasons such as rapid development in networking, systems are easily extensible and the rise of system complexity.Security and privacy is one of primary concern and provide a trustworthy for computing environment.Security and privacy is a most essential concept for understanding level of secure software and also to guarantee user satisfaction.Security and privacy is a serious problem in software development, and may become much worse in the future [1].This is due to millions of dollars in losses are the result of attacks on unsecured system.Realizing security issues during the requirement phase can help to tackle the risks in order to avoid rework, to ensure time and effort consuming for software development.Security and privacy requirement may affect the functional of the system and needed to be satisfied in order to achieve the security attributes of an IT system.Hence, in development of web based application such as e-commerce, hotel reser-vation, health operation system and business registration system should also take consideration on security and privacy matters.Business Registration System (BRS) is an online application available 24 x 7 to facilitate the citizen of Malaysia to register and acquire approval and certifica-tion for their business activities.Despite that this online channel increasingly became very popu-lar, there are few issues regarding security and privacy parameters that need to take into consid-eration such as authentication, encryption, confidentiality, authorization, access control, integrity and availability.

PROBLEM STATEMENT
Security and privacy issues are becoming major concerns in the design of software systems [2].Security and privacy issues is dealt when the system has been designed and put into operation [3].Many researchers highlighted that reducing security issues has become important.They sug-gested the security must be integrated into the software development life cycle from the begin-ning phase and continue until the product is in use [4,5,1].Misspecification in requirement anal-ysis is one of factors that contribute to unsecured system [6].End users are exposed to several security and privacy risks when they using web browsers which compromise the security of a client via information such as login name or machine name which can be collected and used to profile the user [7].

OBJECTIVES
The aims of this study are to identify the security and privacy requirement that applied in Busi-ness Registration System (BRS) hosted at a government institution to propose an improvement for the system security and privacy requirement.We believe that security and privacy requirements should be implemented in early stage of software development process.The study is focused for analyzing of security requirements implementation on Business Registration System (BRS) which is an online application system for business registration.The study will involve the practitioners during requirements analysis of software development.

METHOD
Previous research by other researchers reviewed and updated concurrently in order to ensure the latest knowledge in the similar work were related to the areas of research.In addition, findings from previous researchers could be compared and critique in this study.The theoretical study is an early step in finding information related to the security requirement implemented in the indus-try and doing a comparison of what been implemented in BRS.In this stage, literature review was performed and analyzed using content analysis method.Several information were gathered through detail document studies such as journals, books and websites in order to analyze the suitable guidelines that need to be considered while analyzing security and privacy requirements.Besides that, the Software Requirement Study (SRS) document produced by a government insti-tution become as main source of reference.

RESULTS
The proposed model for improving security and privacy requirements of MyBRS which followed the IEEE Standard 830-1998 guideline.Then, to further elaborate on security and privacy re-quirements the misuse case technique has been used.Throughout this study, issues regarding security requirement of the Business Registration System (BRS) has considered in terms of au-thentication and access control.The proposed model of MyBRS has been illustrated in Figure 1 where paraphrase and image authentication has been added as a way to countermeasure misuse case.

Figure 1 :
Figure 1: Proposed Model of MyBRS: Registration and Login Flow in