A Methodological Approach to Evaluate Security Requirements Engineering Methodologies: Application to the IREHDO2 Project Context

Autor: Romain Laborde, Sravani Teja Bulusu, Ahmad Samer Wazan, Arnaud Oglaza, Abdelmalek Benzekri
Jazyk: angličtina
Rok vydání: 2021
Předmět:
Zdroj: Journal of Cybersecurity and Privacy, Vol 1, Iss 3, Pp 422-452 (2021)
Druh dokumentu: article
ISSN: 2624-800X
DOI: 10.3390/jcp1030022
Popis: An effective network security requirement engineering is needed to help organizations in capturing cost-effective security solutions that protect networks against malicious attacks while meeting the business requirements. The diversity of currently available security requirement engineering methodologies leads security requirements engineers to an open question: How to choose one? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirement engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirement engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirement engineering approach. We describe our experiments conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and other methods.
Databáze: Directory of Open Access Journals