It is generally accepted that security requirements have to be identified as early as possible to avoid later rework in the systems development process. However, in practice quite often security aspects are considered either at the later stages of development cycles (increments in agile projects) or addressed only when problems arise. One of the reasons for difficulties of early detection of security requirements is the complexity of security requirements identification. In this paper we discuss an extension of the method for security requirements elicitation from business processes (SREBP). The extension includes the application of the enterprise model frame to provide an enterprise architecture context for analyzed business process models. The enterprise model frame covers practically all concepts of the information security related definitions; the use of the frame with the SREBP method complies with the common enterprise modeling and enterprise architecture approaches; and it use helps to consider security requirements and control at the business, application, and technology levels simultaneously.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com