U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.


Requirements Engineering

Presents best practices for security requirements engineering, including processes that are specific to eliciting, specifying, analyzing, and validating security requirements. Example processes include CLASP, SQUARE, and recent work by Nuseibeh et al. Specific techniques that are relevant to security requirements, such as development of misuse/abuse cases and attack trees and specification techniques such as SCR, are also discussed or referenced.

See also "Threat Modeling: Diving into the Deep End."

Title Updated datesort ascending
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods 2013-08-05
The Common Criteria 2013-07-05
SQUARE Process 2013-07-05
Requirements Prioritization Case Study Using AHP 2013-07-05
"Requirements Elicitation Case Studies Using IBIS, JAD, and ARM" 2013-07-05
Introduction to the CLASP Process 2013-07-03
Requirements Engineering Annotated Bibliography 2013-05-21
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets 2013-05-13
Requirements Prioritization Introduction 2013-05-13
Requirements Elicitation Introduction 2013-05-13
Security Requirements Engineering 2010-07-14
Back to Top