Presents best practices for security requirements engineering, including processes that are specific to eliciting, specifying, analyzing, and validating security requirements. Example processes include CLASP, SQUARE, and recent work by Nuseibeh et al. Specific techniques that are relevant to security requirements, such as development of misuse/abuse cases and attack trees and specification techniques such as SCR, are also discussed or referenced.
See also "Threat Modeling: Diving into the Deep End."
| Title | Date | Author(s) |
|---|---|---|
| An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods | 2013-08-05 | Nancy Mead, Travis Christian |
| The Common Criteria | 2013-07-05 | Nancy Mead |
| SQUARE Process | 2013-07-05 | Nancy Mead |
| Requirements Prioritization Case Study Using AHP | 2013-07-05 | Nancy Mead |
| Requirements Elicitation Case Studies Using IBIS, JAD, and ARM | 2013-07-05 | Nancy Mead |
| Introduction to the CLASP Process | 2013-07-03 | Dan Graham |
| Requirements Engineering Annotated Bibliography | 2013-05-21 | Nancy Mead |
| Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets | 2013-05-13 | Eric D. Hough, Hassan Osman, Jonathan Caulkins, Nancy Mead |
| Requirements Prioritization Introduction | 2013-05-13 | Nancy Mead |
| Requirements Elicitation Introduction | 2013-05-13 | Nancy Mead |
| Security Requirements Engineering | 2010-07-14 | Nancy Mead |