Abstract. Security has become a necessity for information systems (ISs) and for information itself. Nevertheless, existing practice reports numerous cases in which security aspects were considered only at the end of the development process, thus missing a systematic security analysis. Misuse case diagrams help identify security concerns at early stages of IS development. Despite this fundamental advantage, misuse cases tend to be rather imprecise: they do not align with security risk management strategies and could therefore lead to misinterpretation of security-related concepts. Such limitations could in turn result in poor security solutions. This paper applies a systematic approach to understand how misuse case diagrams could help model organisational assets, potential risks, and the security countermeasures that mitigate these risks. The contribution helps clarify how misuse cases could support security risk management and reasoning about security requirements and their implementation in the software system.

Keywords: Security risk management, Misuse cases, Security engineering, Information system security
Introduction

During the last two decades the line between digital and social life has been diminishing, and modern society has become largely dependent on information systems (ISs) and their security. The demand for IS security is constantly growing, and developing and maintaining system security is receiving increasing attention. The importance of considering IS security at the early stages of software development is also acknowledged in [18]. Security breaches in an IS can lead to serious negative consequences. IS security practitioners must therefore examine security threats from an adversarial perspective from the very beginning of the IS development process. Considering security at early development stages helps analyse and estimate the security measures of the IS to be developed. This paper discusses security risk management at the requirements elicitation and analysis stage. We consider the question "how could security risk management be addressed using misuse case diagrams?". To answer this question we analyse the misuse cases proposed by Sindre and Opdahl [18]. Misuse case diagrams [17,18] are one possible technique for relating security analysis to the functional requirements of software systems. Their main goal is to model negative scenarios with respect to func-