A systematic review of security requirements engineering

Mellado, Daniel; Blanco, Carlos; Sánchez, Luís Enrique; Fernández‐Medina, Eduardo

doi:10.1016/j.csi.2010.01.006

Cited by 152 publications

(89 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An overview and comparison of SRE methods can be found in [39] and [40]. Many of them are designed to analyze the problem space in systematic ways in order to identify threats, weaknesses, vulnerabilities, and attacks.…”

Section: Sre Methodsmentioning

confidence: 99%

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Schmitt

Liggesmeyer

2015

CSIMQ

View full text Add to dashboard Cite

Abstract. This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

show abstract

Section: Sre Methodsmentioning

confidence: 99%

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Schmitt

Liggesmeyer

2015

CSIMQ

View full text Add to dashboard Cite

show abstract

“…Following Fabian et al [3], Mellado et al [4] and Salini et al [5], we give the main characteristics of these methods:…”

Section: The Security Requirements Engineering Methods Reviewedmentioning

confidence: 99%

“…This characteristic is divided in integration of standards and main contributions [4]. -Security Properties: indicates the security properties accomplish by a SRE method [3].…”

Section: The Security Requirements Engineering Methods Reviewedmentioning

confidence: 99%

See 1 more Smart Citation

A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

Muñante

Chiprianov

Gallon

et al. 2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2014): Software SecurityInternational audienceOne of the most important aspects that help improve the quality and cost of secure information systems in their early stages of the development lifecycle is Security Requirements Engineering (SRE). However, obtaining such requirements is non-trivial. One domain dealing also with eliciting security requirements is Risk Analysis (RA). Therefore, we perform a review of SRE methods in order to analyse which ones are compatible with RA processes. Moreover, the transition from these early security requirements to security policies at later stages in the lifecycle is generally non-automatic, informal and incomplete. To deal with such issues, model-driven engineering (MDE) uses formal models and automatic model transformations. Therefore, we also review which SRE methods are compatible with MDE approaches. Consequently, our review is based on criteria derived partially from existing survey works, further enriched and specialized in order to evaluate the compatibility of SRE methods with the disciplines of RA and MDE. It summarizes the evidence regarding this issue so as to improve understanding and facilitate evaluating and selecting SRE methods

show abstract

“…Security and privacy issues is dealt when the system has been designed and put into operation [3]. Many researchers highlighted that reducing security issues has become important.…”

Section: Problem Statementmentioning

confidence: 99%

Improving Security And Privacy Requirement For Business Registration System (BRS)

Daud¹,

Pa²,

Foozy³

2017

Acta inform. Malays.

View full text Add to dashboard Cite

show abstract

A systematic review of security requirements engineering

Cited by 152 publications

References 15 publications

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

Improving Security And Privacy Requirement For Business Registration System (BRS)

Contact Info

Product

Resources

About