Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Christian Schmitt, Peter Liggesmeyer


This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.


Security requirements engineering, security engineering, security requirements sources, compliance

Full Text:


DOI: 10.7250/csimq.2015-3.02


1. Variable Contents of Enterprise Models
Marite Kirikova
Procedia Computer Science  vol: 104  first page: 89  year: 2017  
doi: 10.1016/j.procs.2017.01.077


  • There are currently no refbacks.

Copyright (c)