Article

A Methodological Approach to Evaluate Security Requirements Engineering Methodologies: Application to the IREHDO2 Project Context

1 IRIT/Université Paul Sabatier, 31062 Toulouse, France
2 Sopra Steria—I2S, 31772 Colomiers, France
3 CAT Department, College of Technological Innovation, Zayed University, Abu Dhabi 4783, United Arab Emirates
* Author to whom correspondence should be addressed.
Academic Editors: Isabel Praça, Silvio Ranise, Luca Verderame and Habtamu Abie
J. Cybersecur. Priv. 2021, 1(3), 422-452; https://doi.org/10.3390/jcp1030022
Received: 11 May 2021 / Revised: 9 June 2021 / Accepted: 23 June 2021 / Published: 13 July 2021
(This article belongs to the Special Issue Cyber-Physical Security for Critical Infrastructures)
Effective network security requirements engineering is needed to help organizations capture cost-effective security solutions that protect networks against malicious attacks while meeting business requirements. The diversity of currently available security requirements engineering methodologies leaves security requirements engineers with an open question: how to choose one? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirements engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirements engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirements engineering approach. We describe the experiments we conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and with other methods.
Keywords: security requirement engineering; network security; KAOS; STS; SEPP; SABSA

MDPI and ACS Style

Laborde, R.; Bulusu, S.T.; Wazan, A.S.; Oglaza, A.; Benzekri, A. A Methodological Approach to Evaluate Security Requirements Engineering Methodologies: Application to the IREHDO2 Project Context. J. Cybersecur. Priv. 2021, 1, 422-452. https://doi.org/10.3390/jcp1030022
