A Personal Data Audit Method through Requirements Engineering

Authors: Martinez Miguel A*; Lasheras Joaquin; Fernandez Medina Eduardo; Toval Ambrosio; Piattini Mario
Source: Computer Standards & Interfaces, 2010, 32(4): 166-178.
DOI:10.1016/j.csi.2010.01.001

Abstract

Organizations using personal data in areas such as Health Information Systems have, in recent years, shown an increasing interest in the correct protection of these data. It is not only important to define security measures for these sensitive data, but also to define strategies to audit their fulfilment. Although standardisation organisations have defined recommendations and standards related to security and audit controls, no methodological frameworks proposing the audit of these sensitive data have been described. This paper presents a methodology with which to audit personal data protection, using Requirements Engineering and based on CobiT. This methodology has been validated in four real case studies.

  • Publication date: 2010-6