Security Requirements Elicitation from Engineering Governance, Risk Management and Compliance
[Context and motivation:] Security requirements may be derived from a variety of sources, typically pertaining to fields such as software engineering, information systems risk assessment, security auditing, compliance management and IT governance. Several approaches, especially in the software engineering domain, have already investigated security requirements within a broader scope that includes results from risk management. [Question/problem:] Identifying security requirements according to just one of these fields might not suffice; opportunities for integrating and enriching them must be investigated. [Principal ideas/results:] Our proposal advocates a convergence of the different sources of security requirements towards a richer specification of those requirements, based on semantic technology. [Contribution:] Through this vision paper, we sketch the outline of a new perspective on eliciting security requirements, based on the knowledge-driven integration of approaches from software engineering, risk assessment, governance and compliance.
Keywords: Security requirements; Risk assessment; Governance; Compliance; GRC framework; Resource Description Framework
The work presented in this paper is supported by the Romanian National Research Authority, UEFISCDI, grant PN-III-P2-2.1-PED-2016-1140.