A Readiness Model for Security Requirements Engineering

The focus on secure software development has been growing steadily in all phases of the software development life cycle. Security awareness in the requirements engineering stage of software development is important in building secure software. One of the major issues faced by the software industry i...


Bibliographic Details
Main Authors: Yusuf Mufti, Mahmood Niazi, Mohammad Alshayeb, Sajjad Mahmood
Format: Article
Language: English
Published: IEEE 2018-01-01
Series: IEEE Access
Subjects: Readiness model; secure requirements engineering
Online Access: https://ieeexplore.ieee.org/document/8364540/
id doaj-6ae23f6075004739ac9d74d117163650
record_format Article
DOI: 10.1109/ACCESS.2018.2840322
ISSN: 2169-3536
Volume: 6
Pages: 28611-28631
Author ORCIDs: Mohammad Alshayeb, https://orcid.org/0000-0001-7950-0099; Sajjad Mahmood, https://orcid.org/0000-0001-5786-5118
Affiliation (all four authors): Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
issn 2169-3536
publishDate 2018-01-01
description The focus on secure software development has been growing steadily in all phases of the software development life cycle. Security awareness in the requirements engineering stage of software development is important in building secure software. One of the major issues faced by the software industry is that many organizations undertake secure software development initiatives without knowing whether they are ready to undertake them. Currently, there is no model to measure the readiness of security requirements engineering in an organization. The objective of this paper is to develop a security requirements engineering readiness model (SRERM) to enable organizations to assess their security requirements engineering (SRE) readiness levels. In order to achieve this goal, a systematic mapping study was conducted to identify the relevant studies in the SRE domain. A total of 104 primary studies were identified, and available evidence was synthesized into 12 security requirements categories and 76 best practices to build a SRERM. Initially, two case studies were conducted in order to evaluate the SRERM in a real-world environment. Based on the outcomes of the two case studies, some modifications were proposed to further improve the SRERM. After modifying the SRERM, two more case studies were conducted in order to evaluate the modifications made to the SRERM. The case study results indicate that the SRERM has the ability to identify the readiness levels of SRE in the software industry.
topic Readiness model
secure requirements engineering