Cybersecurity User Requirements Analysis: The ECHO Approach

Cyber defense requires research and investment in advanced technological solution as well as in the development of effective methods and tools for identifying cyber threats and risks. This implies a need for a well-defined process for user requirements elicitation. The paper presents a structured approach for the identification of cybersecurity knowledge and elicitation of user needs, based on the development of specific use cases. Employing use cases is an effective way to identify the cyber security gaps. Example use case descriptions of the attacks on a general computer network are given. The proposed use cases are analyzed within CAIRIS platform. The modelling process confirms that CAIRIS is a powerful tool to enrich the context of threat models and UML class diagrams. Also, the modelling with CAIRIS could support using security-by-design principles. The research is conducted under the activities of “The European network of Cybersecurity centres and competence Hub for innovation and Operations” (ECHO) project.KeywordsCyber defenseUser requirements elicitationUse case analysisCAIRIS modelling