Title :
Security requirements engineering: when anti-requirements hit the fan
Author :
Crook, Robert ; Ince, Darrel ; Lin, Luncheng ; Nuseibeh, Bashar
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes, UK
Abstract :
Everyone agrees that security is a problem, ranging from Microsoft to the banks that have been recent victims of rogue traders. What is paradoxical is that there does not seem to be a wholehearted commitment by both academics and industry to treat this topic systematically at the top level of requirements engineering. Our vision is of a future in which we inform the security requirements engineering process by organisational theory. This would act as the bridge between the well-ordered world of the software project informed by conventional requirements and the unexpected world of anti-requirements associated with the malicious user. We frame a vision for the requirements engineering community that would involve the community solving six difficult problems.
Keywords :
formal specification; security of data; systems analysis; anti-requirements; information security; malicious user; organisational theory; security requirements engineering; software project; Access control; Availability; Bridges; Electrical equipment industry; Face detection; Information security; Information systems; Maintenance engineering; Privacy; Protection;
Conference_Titel :
Requirements Engineering, 2002. Proceedings. IEEE Joint International Conference on
Print_ISBN :
0-7695-1465-0
DOI :
10.1109/ICRE.2002.1048527
