DocumentCode :
2709194
Title :
Enterprise Assets Security Requirements Construction from ESRMG Grammar based on Security Patterns
Author :
Supaporn, Kawin ; Prompoon, Nakornthip ; Rojkangsadan, Thongchai
Author_Institution :
Chulalongkorn Univ., Bangkok
fYear :
2007
fDate :
4-7 Dec. 2007
Firstpage :
112
Lastpage :
119
Abstract :
One of the highest-priority system requirements in the software development industry is security requirements. However, identifying complete and correct software security requirements is a challenging task, especially when creating enterprise assets security requirements. Enterprise assets security requirements are to identify basic security needs, to assess risks, to establish security approaches and services, and to specify external enterprise considerations including confidentiality, integrity, availability, and accountability concerns. Moreover, these may be applied to other security requirements such as identification and authentication, access control, firewall architecture, etc. Security patterns may be used to create these security requirements, but understanding, analyzing and transforming security patterns into security requirements is difficult to accomplish. We proposed a grammar, called ESRMG (enterprise security and risk management grammar), and a prototyping tool based on security patterns in the scope of enterprise asset identification and risk management, which are the foundation of enterprise security requirements. The proposed grammar and tool are beneficial for any organization constructing enterprise security requirements and may help reduce the overall cost and time of system development.
Keywords :
business data processing; risk management; security of data; software engineering; ESRMG grammar; enterprise assets security requirements construction; enterprise security and risk management grammar; security patterns; software development industry; software security; system requirements; Access control; Authentication; Availability; Computer industry; Construction industry; Pattern analysis; Programming; Prototypes; Risk management; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Engineering Conference, 2007. APSEC 2007. 14th Asia-Pacific
Conference_Location :
Aichi
ISSN :
1530-1362
Print_ISBN :
0-7695-3057-5
Type :
conf
DOI :
10.1109/ASPEC.2007.53
Filename :
4425844