Providing a Maturity Assessment Model for Security Requirements Engineering From the Point of Explaining the Requirements Process (Multiple Case Study of Iran Telecommunication Professional Parent Companies)

Nowadays, information technology and communication are an integral part of everyday life of individuals and the condition of the organizations survival. Every business uses the amount of information technology it needs in different parts. This dependency on IT and communications, creates a lot of security problems for organizations. On the other hand, it should be noted that business continuity and service delivery by an organization will only be realized in the context of security. Therefore, the necessity of attention to various aspects of security to organize the organization's security activities, including in telecommunications companies, is becoming more and more evident.security requirements engineering is a well-known and effective solution to systematically facing security issues. Based on this, telecommunication companies can utilize security requirements engineering techniques to meet the security challenges of information technology and communications in an optimal way. In this regard, the maturity assessment model for security requirements engineering can be considered as an open standard road map to evaluate the maturity of telecommunications companies. The purpose of this research is to provide a maturity assessment model for security requirements engineering for for telecommunications companies, and emphasizing on procedural and process considerations of explaining the requirements. For this purpose, the source frameworks and models of security requirements engineering have been studied and and the security processes and procedures related to the requirements explaining have been organized in the form of a conceptual model of maturity assessment. This maturity model has been validated and analyzed through interviewing the experts of selected specialist of telecommunication companies and suggestions have been made to improve the security requirements engineering in these companies.