Analysing Security Requirements of Information Systems using Tropos

Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that security should be considered during the whole development process and it should be defined together with the requirements specification.
This paper introduces extensions to the Tropos methodology to accommodate security. A
description of new concepts is given along with an explanation of how these concepts are
integrated to the current stages of Tropos. The above is illustrated using an agent-based
health and social care information system as a case study.

Citation:
Mouratidis, H. (2006) ‘Analysing Security Requirements of Information Systems using Tropos’ Proceedings 1st Annual Conference on Advances in Computing and Technology (AC&T), London - United Kingdom, pp. 55 – 64.