Requirements Elicitation Introduction

Abstract

Using an elicitation method can help in producing a consistent and complete set of security requirements. However, brainstorming and elicitation methods used for ordinary functional (end-user) requirements usually are not oriented toward security requirements and do not result in a consistent and complete set of security requirements. The resulting system is likely to have fewer security exposures when security requirements are elicited in a systematic way. In this article we briefly discuss a number of elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one. Companion case studies can be found in Requirements Elicitation Case Studies. While results may vary from one organization to another, the discussion of our selection process and various methods should be of general use. Requirements elicitation is an active research area, and we expect to see advances in this area in the future. We expect that eventually there will be studies measuring which methods are most effective for eliciting security requirements. At present, however, there is little if any data comparing the effectiveness of different methods for eliciting security requirements.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
AD1180039

Entities

People

  • Nancy R. Mead

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical

DTIC Thesaurus Topics

  • California
  • Case Studies
  • Commerce
  • Computer Programming
  • Computers
  • Department Of Defense
  • Electronic Commerce
  • Engineering
  • Homeland Security
  • Information Systems
  • Life Cycles
  • New York
  • Object Oriented Programming
  • Security
  • Software Development
  • Test And Evaluation
  • United States

Fields of Study

  • Computer science

Readers

  • Software Engineering.