Organisational Security Requirements: An Agile Approach to Ubiquitous Information Security
Source: Deakin University
This paper proposes to address the need for more innovation in organisational information security by adding a security requirement engineering focus. Based on the belief that any heavyweight security requirements process in organisational security will be doomed to fail, the authors developed a security requirement approach with three dimensions. The use of a simple security requirements process in the first dimension has been augmented by an agile security approach. However, introducing this second dimension of agile security does provide support for, but does not necessarily stimulate, innovation. A third dimension is, therefore, needed to ensure there is a proper focus in the organisation's efforts to identify potential new innovations in their security.