Modelling E-business Security Requirements: Developer and Client Expectations

User perceptions of e-business systems’ security are, at best, that such systems are not as secure as more traditional ways of doing business. As security is now considered to be so crucial to e-Business success, the question of how security requirements are identified and how users can become involved in identifying security requirements for their organisation has become all the more important. This paper describes some of the results of an interpretive study into requirements elicitation using the business rules diagram (BRD) method. An interpretive analysis focusing on security provides some understanding of how users can contribute to the process of security requirements specification. In the study, users became active users of the BRD method and diagram in many requirements engineering areas, including security. A model of cognition is proposed that explains the behaviour that resulted during the study. The model posits two distinct modes of reasoning, formal and informal, and shows how movement occurs between the modes as roles and expectations change over time.