Security Requirements Elicitation: An Agenda for Acquisition of Human Factors

Manish Gupta (State University of New York, Buffalo, USA)
DOI: 10.4018/978-1-60566-036-3.ch018

Abstract

Information security is becoming increasingly important and more complex as organizations increasingly adopt electronic channels for managing and conducting business. However, state-of-the-art systems design methods have ignored several aspects of security that arise from human involvement or human factors. The chapter aims to highlight issues arising from the coalescence of the fields of systems requirements elicitation, information security, and human factors. The objective of the chapter is to investigate and suggest an agenda for the state of human factors in information assurance requirements elicitation from the perspectives of both organizations and researchers. Much research has been done in the area of requirements elicitation, both systems and security, but, invariably, human factors have not been taken into account during information assurance requirements elicitation. The chapter aims to find clues and insights into the acquisition behavior of human factors in information assurance requirements elicitation and to illustrate the current state of affairs in information assurance and requirements elicitation and why inclusion of human factors is required.
Chapter Preview

Systems And Security Requirements Elicitation: Human Factors

It is becoming increasingly evident that, more often than not, the weakest links in an information-security chain are the people, because manipulating human nature and social interactions is much easier than targeting the complex technological protections of information systems. Concerns and threats regarding human and social factors in organizational security are increasing at an exponential rate and shifting the information security paradigm. The growing number of instances of breaches in information security in the last few years has created a compelling case for efforts towards secure electronic systems. Security has been the subject of intensive research in the areas of cryptography, hardware, and networking. Despite these efforts, designers often understand security as only the hardware or software implementation of specific cryptographic algorithms and security protocols. Human factors, however, are as important. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. Figure 1 shows information systems requirements that have been amply researched, including their human elements, though the overlap between the concentric circle representing information assurance requirements and the circle representing human factors is understudied.

Figure 1. Research coverage and areas
