Journal
20TH IEEE INTERNATIONAL CONFERENCE ON BUSINESS INFORMATICS (IEEE CBI 2018), VOL 2
Volume -, Issue -, Pages 52-61
Publisher
IEEE
DOI: 10.1109/CBI.2018.10046
Keywords
Requirements specification; Cyber-security; Catalogue of security requirements
Funding
- FCT [UID/CEC/50021/2013]
With the increasing number of cyber-attacks, organizations are giving more importance to securing their systems. Security shall be considered from the very beginning, including in requirements engineering processes, to prevent common vulnerabilities as well as to avoid re-work costs. However, there is not yet an appropriate approach to specify such security requirements in a rigorous and systematic way. Such an approach would allow defining and specifying security-specific concepts like vulnerabilities, threats or attacks. In addition, it would support a catalogue structure with reusable security requirements. The strategy we follow to address this challenge involves the following aspects: First, we decide to use the recent RSLingo RSL language as the underlying basis for a rigorous requirements specification language. Second, we extend this language by including security-specific concepts with a comprehensive requirements classification schema involving the following aspects: solution versus problem, abstract versus concrete and positive versus negative requirements. Third, we apply this extended language with an illustrative sample of security requirements and other concepts, which can be easily reused and extended by the community. The current version of this catalogue aggregates 20 packages, one of which is the privacy concerns package that is the focus of this paper and currently includes 51 security requirements, 27 vulnerabilities, and 21 threats.