“…The two main approaches being used by researchers for establishing security requirements are the threat analysis-based approach and the evaluation criteria-based approach. Threat analysis is essential and has been studied intensively by researchers (Debar et al., 2006; Thomson & von Solms, 1998; von Solms, 1996; von Solms et al., 1994; White, Fisch, & Pooch, 1996; Whitman, 2004). However, as evaluation processes for computing environment security evolved and computing technologies progressed, the standard evaluation criteria-based approach gained in popularity among researchers.…”