Eliciting a Security Architecture Requirements Baseline from Standards and Regulations

Recently, numerous security standards, laws, and regulations have been issued to address growing security concerns for critical systems. As a result, assuring that a system software architecture complies with security standards and regulations has become a top priority, critical to an organization's success. This study focuses on a SCADA system use case to identify the practical challenges in eliciting adequate security requirements to ensure that a system software architecture complies with security standards and accommodate the evolving nature of both the standards and the systems. To address these challenges, a systemic and iterative process for eliciting security requirements is proposed. The findings shed light on improving the effectiveness and efficiency of the security requirements elicitation process, ensuring compliance with standards, policies, and regulations in system software architecture.