Understanding the Role of Human-Related Factors in Security Requirements Elicitation.

Context and motivation: Many requirements engineering (RE) activities depend not only on the nature of the system itself, but also on human-centric characteristics of the RE teams. Question/problem: What role do human-related factors of RE teams play in eliciting high-quality security requirements? Principal ideas/results: This research preview presents our preliminary work in discovering the cognitive factors that represent the intentions and motivations of RE teams to develop secure systems from early stages of the system development, and how these factors impact the quality of the elicited requirements. We outline a framework, with an illustrative example, for describing the variables that affect the decisions of RE teams when they elicit security requirements to address security concerns. Contribution: The proposed framework helps to characterize the different aspects of human-related factors, and the correlation between the impact of these factors on the quality of the requirements elicitation phase. This is a novel research direction which positions our long-term research agenda, and we urge community contributions in this direction to achieve an enhanced understanding of the role of human-related factors in requirements engineering for security domains.