Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation
The elicitation of Security Requirements (SRs) is crucial to developing secure information systems of high quality. Although several methods exist, mainly for functional requirements, such as goal-oriented methods and use case modeling, most of them do not provide sufficient support for identifying threats, security objectives and security functions. Security functions are closely related to the architectural design of the information system, i.e. the solution space, and knowledge from the solution space is necessary to elicit appropriate SRs of higher quality.