Requirements Engineering

Presents best practices for security requirements engineering, including processes that are specific to eliciting, specifying, analyzing, and validating security requirements. Example processes include CLASP, SQUARE, and recent work by Nuseibeh et al. Specific techniques that are relevant to security requirements, such as development of misuse/abuse cases and attack trees and specification techniques such as SCR, are also discussed or referenced.

See also "Threat Modeling: Diving into the Deep End."