Requirements engineering for improving business/it alignment in security risk management methods

Abstract

Abstract: Information systems (IS) security within organizations is more and more focused around risk management approaches. Central to these approaches is the need for a better understanding of the required alignment between the business view of the organization and the architecture of its underlying IS. Through the use of requirements engineering techniques, the paper suggests how this business/IT interoperability issue is tackled together with the clarification of the underlying security risk management ontology