Requirements specification of a cloud service for Cyber Security compliance analysis

Abstract

This paper presents the practical exploitation of a goal-oriented methodology for requirements specification, called GOReM, for an application scenario involving the development of a cloud service offering a functionality of compliance analysis in the business model of Security as a Service (SecaaS). The requirements specification for this scenario emerged as a real need inside a large industrial project on the field of Cyber Security. GOReM has allowed to achieve in a lean, yet accurate, way the analysis of such a complex scenario, where non-functional requirements, coming from rules and regulations in force in different countries, complicate the handling of a cloud service which might be usable worldwide.