ABSTRACT
Security is an important software quality attribute, although, as a nonfunctional requirement, it is often overlooked. Although several approaches to security requirements engineering exist, it is not clear how to adapt security requirements to software end users. This poster aims to fill this gap by developing a novel approach for acquiring security requirements by leveraging end user analysis and a security body of knowledge. To achieve this aim, we divide security requirements into two categories. Software security requirements are those that need to be technically implemented in the developed software. Training security requirements are those that aim to provide the necessary training to the end users who need it. The proposed approach may help security experts carry out security requirements engineering tailored to the characteristics of end users.
Index Terms
A Novel Approach for Acquiring Training and Software Security Requirements