Module 6 Flashcards

Privacy-By-Design Methodology

1
Q

Software Requirements Specification (SRS)

A

Detailed document that explains what a software application or system is supposed to do and how it should work. It serves as a guide for developers, designers, and stakeholders to make sure everyone understands the purpose, features, and behavior of the software before building it.

2
Q

Agile User Stories

A

Simple descriptions of a feature or function that the software should have, written from the perspective of the user. They help developers understand what the user needs and why, guiding them in building the right functionality. Think of user stories as little “to-do” tasks that describe what a user wants to do with the software, so that the team knows what to build. They are written in plain language, without technical jargon.

3
Q

Functional Requirements

A

Describe what a system or software must do. They specify the functions, features, or tasks that the software needs to perform to meet the user’s needs. These requirements focus on the behavior of the system and how it will handle different inputs, process data, and produce outputs. Functional requirements are like instructions that say, “This is what the software should be able to do.” They explain the tasks or actions the software will perform for users. For example, for a music streaming app, a functional requirement might be:

“The app should allow users to search for songs by title, artist, or album.”

This describes a specific function the app needs to have — the ability to search for music. Functional requirements help guide developers to build software that meets the user’s expectations.

4
Q

Nonfunctional Requirements

A

Describe how a system should perform rather than what it should do. These requirements focus on the quality attributes of the system, such as performance, security, usability, and reliability. They define the system’s behavior, ensuring it meets certain standards and operates smoothly. Nonfunctional requirements are like the rules for how well the software should work. They don’t describe what the software does but how fast, secure, or easy to use it should be. For example, for a shopping website, a nonfunctional requirement might be:

“The website should load within 2 seconds for users with a standard internet connection.”

This doesn’t describe what the website does (like showing products or processing payments), but it sets a performance expectation — how fast the site should be for a good user experience. Nonfunctional requirements ensure the system meets quality benchmarks and operates efficiently under various conditions.

5
Q

Quality Attributes

A

Nonfunctional requirements used to evaluate how a system is performing. Privacy would be an example of a quality attribute.

6
Q

Identifiability

A

A privacy quality attribute; it is the extent to which a user is identified by an authentication system. An example of this is looking at how much personal information is collected by web server log files and configuring them to record less.

7
Q

Network Centricity

A

A privacy quality attribute and the extent to which personal information remains local to the client. An example of this would be a designer choosing to retain personal information on the client side and transfer it to complete the transaction (this minimizes unwanted disclosure and secondary use).

8
Q

Confidentiality

A

A privacy quality attribute and the extent to which personal information is accessible by others. In simple terms, it means keeping personal or sensitive data private and making sure that only people with permission can access it. An example would be implementing strong authentication methods (such as multi-factor authentication) and limiting access to sensitive patient information to only authorized medical staff in a healthcare app.

9
Q

Availability

A

A privacy quality attribute and means data is accessible when needed by an authorized entity within the organization or by the data subject.

10
Q

Integrity

A

A privacy quality attribute and is the extent to which the system maintains a reliable state with data free from error. This ensures that data is consistently accurate, complete, current and relevant to the purpose of the context. An example would be ensuring cross-checks to verify entries are correct.

11
Q

Mobility

A

A privacy quality attribute and is the extent to which a system moves from one location to another, as in laptop and mobile phone capabilities. An example would be increasing security around bring your own device programs.

12
Q

High Level Design

A

An overview or blueprint of how a software system will be structured. It describes the major components, modules, or systems, how they will interact, and the overall architecture of the project. It doesn’t go into deep technical details but focuses on how the big parts fit together. Think of High-Level Design as the plan for building a house. It shows where the rooms are, how they connect, and what the house will look like, but it doesn’t yet show every tiny detail like the wiring or plumbing. For example, for an online shopping website, a High-Level Design might include:

* A User Interface component (what the users will see and interact with, like product pages and shopping carts).
* A Database component (where all the products, customer information, and orders will be stored).
* A Payment Gateway component (to handle transactions securely).
* A Recommendation System component (to suggest products to customers based on their browsing or purchase history).

The HLD would show how these components interact, such as how the User Interface communicates with the Database to display products or how the Payment Gateway processes payments. This provides a clear vision of the software’s structure without diving into specific code or implementation details.

13
Q

Low-Level Design

A

A detailed plan that explains how each component or module of the software system will be implemented. It breaks down the High-Level Design (HLD) into smaller, more detailed pieces, specifying things like data structures, algorithms, and the actual code logic. It focuses on how each part of the system works internally. Low-Level Design is like the detailed construction plan for each room in a house. It shows exactly how things like electrical wiring, plumbing, and furniture will be set up, getting into the fine details that will guide the actual building process. Continuing the online shopping website example, if the HLD specifies a User Interface component for displaying products, the LLD would:

* Define how the product data will be retrieved from the database (e.g., through SQL queries or API calls).
* Outline how the products will be displayed on the screen (e.g., HTML templates, CSS styles, and JavaScript functions for user interactions).
* Specify how error messages will be handled if a product is out of stock (e.g., error handling code).
* Detail the algorithms for sorting and filtering products based on price or rating.

Low-Level Design provides the instructions for how to write the actual code for each module, so developers know exactly how to implement each feature of the system.

14
Q

Loose coupling

A

Refers to designing different parts (or modules) of a system so that they are mostly independent of each other. This means changes in one part of the system won’t significantly affect or break other parts, making the system more flexible and easier to maintain. Loose coupling is like building with Lego blocks—each block can stand on its own and be changed or replaced without needing to rebuild the entire structure. The blocks work together, but they’re not tightly glued together. For example, in an e-commerce website, you might have a Payment Module and an Order Processing Module. If these two modules are loosely coupled:

* The Payment Module can be updated to add a new payment method (like PayPal) without affecting how the Order Processing Module handles orders.
* They communicate with each other through a simple interface (like an API), but they don’t need to know the inner workings of each other.

This way, each module can be improved, fixed, or replaced without causing issues in the rest of the system.

15
Q

Information hiding

A

Identifies data that has been assigned to specific levels of classification and restricts access to that data via limited class functions.

16
Q

Reusing existing libraries of standard application programming interfaces (APIs)

A

Reduces the risk of defects in source code and can be used to improve privacy standards such as confidentiality and integrity.

17
Q

Controls

A

Are implemented by privacy technologists to minimize privacy risk.

18
Q

Architecture

A

A type of control intended to make it harder to identify specific individuals from the data and to spread out the control of that data. A privacy-first design reduces privacy risks by using data that doesn’t directly reveal who people are, like making it anonymous or using fake names. It also shifts more control to the users or clients, so their data is handled in a way that puts their privacy first.

19
Q

Security

A

A type of control. In simple terms, once the overall design of a system is decided, security controls are put in place to protect the data. This means using strategies like hiding and protecting sensitive data by making it unreadable, such as through encryption. Depending on how the system is built, data might be encrypted at different stages when it’s collected and used, ensuring it’s secure across different areas or systems.

20
Q

Supervision

A

A type of control that allows a company to make sure that its privacy rules are being followed. It also helps the company prove that any outside partners or vendors are sticking to those same rules and procedures.

21
Q

Balance

A

A type of control that means using strategies to inform people and give them control over their data to reduce unfair advantages or power differences. When designing a system, privacy experts should think about whether the benefits of collecting and using the data are worth any possible risks, and if it’s fair, appropriate, and necessary to do so.

22
Q

Verification

A

Ensures the resultant system performs the way it is supposed to perform.

23
Q

Validation

A

Ensures the requirements satisfy the needs of the intended user base.

24
Q

Unit Testing

A

When you test small parts of a program, called “units,” to make sure they work as expected. It’s like checking individual pieces of a machine to ensure they function correctly before assembling the entire machine. The goal is to catch errors early, so they don’t cause bigger problems later. For example, imagine you are building a calculator app, and one part of it is the “add” function, which adds two numbers together. A unit test for this function would check if it correctly adds numbers like 2 + 2 to give 4. If the test fails (like it gives 5 instead of 4), you know there’s a problem with just that small part and can fix it before testing the whole app.

25
Q

Integration Testing

A

When you test how different parts or modules of a program work together. After checking that each small piece (or unit) works correctly on its own, you test how they function as a team. The goal is to catch any problems that might happen when these pieces are combined, like miscommunication between them. For example, imagine you’ve built a calculator app with separate functions for addition, subtraction, multiplication, and division. You’ve already tested each function individually (unit testing), but now you want to see how they work together. In integration testing, you would test a calculation that involves multiple operations, like 5 + 3 - 2 * 4. This helps ensure the different parts of the app interact correctly to produce the right result.

26
Q

System Testing

A

When you test the entire program or system as a whole to make sure everything works together correctly. It’s like testing a fully built car, not just the individual parts, to ensure it drives properly, all the features work, and there are no issues with the complete product. As an example, imagine you’ve built a calculator app. After testing the individual features (like addition and subtraction) and how they work together (integration testing), you now perform system testing. You test the whole app by trying various calculations, checking if the buttons respond correctly, making sure the display shows the right results, and seeing if it works well on different devices. This ensures that the entire calculator app functions properly from start to finish, just like a user would experience it.

27
Q

User Acceptance Testing

A

When real users or clients test a system or app to make sure it works the way they need it to before it’s officially launched. It’s like giving a customer a chance to try out a product to make sure it meets their expectations and does what they asked for. For example, let’s say you’ve built a custom calculator app for a company. In user acceptance testing, the company’s employees use the app to perform calculations they typically need for work. If everything works as expected—like the app performs the calculations correctly, the interface is easy to use, and it fits their needs—then the app “passes” the test and is ready for release. If not, they can provide feedback on what needs to be fixed or improved.

28
Q

Code Reviews

A

Usually an in-person meeting where code is reviewed. There are usually four roles:
o Moderator: Remains independent and serves to mediate.
o Reader: Reads code out loud and offers questions to the developer.
o Developer: Author of the code; listens to review feedback and answers questions.
o Privacy Specialist: Analyzes the software implementation for privacy requirements.

29
Q

Runtime Behavior Monitoring

A

An ongoing process of analyzing and monitoring usage and performance data. Collecting too much information is always a concern (especially personal information). To reduce the risk of unintentional collection of data, privacy must be addressed in three areas: 1) Log Analysis, 2) Defect-tracking, and 3) Application Programming Interfaces (APIs).

30
Q

Log Analysis

A

Log analysis, in simple terms, is like reading a detailed diary that a computer or software writes about everything it does. This diary, called a “log,” keeps track of activities, such as when a program starts, any errors that happen, or who accessed certain data. By reading and analyzing these logs, people can find out if something went wrong, how it happened, and if someone tried to do something they shouldn’t have. It’s a way to understand the health and behavior of systems and catch issues before they become big problems.

As a step toward reducing unintentional collection of personal data, developers may incorporate plans within their system design to regularly sanitize, summarize or destroy data collected in logs to remain compliant with retention requirements.

31
Q

Defect-tracking

A

Defect-tracking, in simple terms, is like keeping a to-do list for problems or bugs that show up in a computer program or system. Whenever a mistake or “defect” is found in how a program works, it gets written down and tracked. This list helps developers know what needs to be fixed, whether the problem has been solved, and if any new issues come up. It makes sure nothing gets forgotten and helps improve the program’s overall performance by keeping it free of bugs.

As a step toward reducing unintentional collection of personal data: when a defect is detected by a user, it is often recorded in a defect tracker (which is often automated). Defect trackers may contain personal data being recorded; to address this, users should be allowed to review responses before submitting a report. In addition, any personal data collected should be encrypted.

32
Q

Application Programming Interfaces (API)

A

In simple terms, an API (Application Programming Interface) is like a waiter in a restaurant. Just like how a waiter takes your order, tells the kitchen, and then brings your food back, an API helps two different software programs talk to each other. It lets one program ask another program for information or to do something, without needing to know how the other program works inside. APIs make it easier for different apps, websites, or systems to work together smoothly, like ordering food from a menu in a way that both the customer and the kitchen understand.

As a step toward reducing unintentional collection of personal data: APIs can lead to unintended collection and exposure of personal information. To reduce this risk, steps need to be taken to extend privacy protection to data collected, and notifications need to be built in to indicate how personal data is collected and used.