Security requirements elicitation: An agenda for acquisition of human factors

Information security is becoming increasingly important and more complex as organizations are increasingly adopting electronic channels for managing and conducting business. However, state-of-the-art systems design methods have ignored several aspects of security that arise from human involvement or due to human factors. The chapter aims to highlight issues arising from coalescence of fields of systems requirements elicitation, information security, and human factors. The objective of the chapter is to investigate and suggest an agenda for state of human factors in information assurance requirements elicitation from perspectives of both organizations and researchers. Much research has been done in the area of requirements elicitation, both systems and security, but, invariably, human factors are not been taken into account during information assurance requirements elicitation. The chapter aims to find clues and insights into acquisition behavior of human factors in information assurance requirements elicitation and to illustrate current state of affairs in information assurance and requirements elicitation and why inclusion of human factors is required.