A Novel Approach for Acquiring Training and Software Security Requirements

Abstract

Security is an important software quality attribute albeit, as a nonfunctional requirement, often overlooked. Although several approaches for security requirements engineering exist, it is not clear how to adapt security requirements to software end users. This poster aims to fill in this gap by developing a novel approach for acquiring security requirements by leveraging end user analysis and a security body of knowledge. To achieve this aim, we divide security requirements into two categories. Software security requirements are those that need to be technically implemented in the developed software. Training security requirements are those that aim to provide the necessary training to the end users that need it. The proposed approach may help security experts in security requirements engineering tailored to the characteristics of end users.