Concurrent Consideration of Technical and Human Aspects in Security Requirements Engineering

Damjan Fujs

Abstract


This article is an extended abstract of the doctoral dissertation entitled “Tailoring security-related software and training requirements to users based on their categorization” (Fujs, 2024). Security has traditionally been ensured by technical solutions in the concluding stages of software development. The fact that security is considered an additional function means that a vulnerability is fixed with security patches as soon as it occurs. However, the importance of human factors is increasingly being recognized, as technical solutions alone are not enough to close security gaps. In order to address this shortcoming, we proposed an approach that simultaneously addresses technical as well as human aspects - already in the initial stages of software development.

Full Text:

PDF

References


Fujs, D. (2024). Tailoring security-related software and training requirements to users based on their categorization [Doctoral dissertation]. Repository of the University of Ljubljana.

Fujs, D., Vrhovec, S., & Vavpotič, D. (2023). Balancing software and training requirements for information security. Computers & security, 134, 103467.

Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & Security, 88, 101640.

European Union Agency for Cybersecurity, Svetozarov Naydenov, R., Malatras, A., Lella, I., Theocharidou, M., Ciobanu, C., Tsekmezoglou, E. (2022). ENISA threat landscape 2022 : July 2021 to July 2022. https://data.europa.eu/doi/10.2824/764318.




DOI: https://doi.org/10.31449/inf.v48i2.5945

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.