Requirements Elicitation Approach for Cyber Security Systems

Issa Atoum*
*Assistant Professor, Information Technology, The World Islamic Sciences and Education University, Amman, Jordan.
Periodicity: January - March 2016
DOI: https://doi.org/10.26634/jse.10.3.4898

Abstract

Requirements elicitation is considered the most important step in software engineering. There are several techniques to elicit requirements; however, they are limited. Most approaches are general qualitative approaches and thus do not suit specific software domains, such as cyber security. This article proposes a new technique to elicit requirements from cyber security strategies. The approach is able to formally define requirements' strengths and link them with the respective analyst's expertise. Consequently, management can easily select the appropriate requirements to be implemented. Applying the proposed approach to a selected cyber security domain showed its applicability to cyber security framework implementations.

Keywords

Software Requirement, Requirements Elicitation, Cyber Security Frameworks, Strategic Implementation.

How to Cite this Article?

Atoum, I. (2016). Requirements Elicitation Approach for Cyber Security Systems. i-manager’s Journal on Software Engineering, 10(3), 1-5. https://doi.org/10.26634/jse.10.3.4898
