Security requirements analysis is a precondition to provide effective and appropriate safeguard for information systems. Based on the existing theories and approaches, this paper discusses the categories and analysis procedure of security requirements in information systems. And according to the basic steps of security requirements analysis, the security hazard analysis model and the security risk analysis model are presented here. At the end, the methods of security requirements specification and the corresponding improvements are also introduced.
展开▼
