Developing a Novel Holistic Taxonomy of Security Requirements

Defining security requirements is of prime importance for all systems; we usually study the generic ones like confidentiality, integrity, availability, authentication, non-repudiation and privacy. It is thus imperative to evaluate all the possible extended requirements. A literature review has shown that there are various and different security requirements models, some of which are examined and others are neglected. Moreover, security lacks a unified taxonomy of security requirements. In this paper, we refer to the variety of security requirements models from the literature to drive an aggregate model and move away from the individualistic proposed taxonomy to a hierarchical and standard security requirement model. We define and propose a novel and holistic security requirement taxonomy at two levels of abstraction that incorporates 13 basic and standard requirements and then refined in layers into 31 security requirements sub-factors. These requirements are discussed in the open literature. Our taxonomy offers a good understanding of security constraints relevant to the system functions in the field of computer security. When it comes to decision making, it is recommended to establish which security measures should be relevant to the entire security requirements taxonomy.