ABSTRACT The increasing use of information systems led to dramatically improve the functionality with respect to safety, cost and reliability. However, with this growth of information systems the likelihood of vulnerabilities also increases. Security problems involving computers and software are frequent, widespread, and serious. The number and variety of attacks from outside organizations, particularly via the Internet, and the amount and consequences of insider attacks are increasing rapidly. We routinely hear customers claim that their system is insecure. However, without knowing what assumptions they make, it is hard to justify such a claim, and it is important to identify security requirements of the system. Enumerating the security to a system helps system architects develop realistic and meaningful secure software. In this paper, we propose a checklist for security requirements and assess the security with the help of a metrics based on checklist threshold value.
