Curriculum design and methodologies for security requirements analysis

Lack of security is one of the most widespread problems affecting information systems. Security breaches at companies are reported almost everyday and users of computer systems are busy updating security of their computer system against vulnerabilities. While some of these problems are caused by human errors and faults of physical devices but the majority of them are due to the defects in software systems. The best way to reduce them is to find and fix them in an early stage of the software development, especially in the requirements elicitation and analysis phases. In this paper, we will present how we designed a security requirements analysis course to address this issue. We will also present security requirements elicitation methodologies based on the agentand goal-oriented requirements analysis methodologies of KAOS and i*.