Title: RiskSRP: Prioritizing security requirements based on total risk avoidance
Authors: Abdulrazeg A.A.; Norwawi N.M.; Basir N.
Type: Article
Year: 2017
Record dates: 2024-05-29; 2024-05-29
ISSN: 19366612
DOI: 10.1166/asl.2017.8901
Scopus EID: 2-s2.0-85023754580
Scopus URL: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85023754580&doi=10.1166%2fasl.2017.8901&partnerID=40&md5=7c3368e5c9157b94f2dd8f59f526f78f
Repository URL: https://oarep.usim.edu.my/handle/123456789/9698
Pages: 4596-4600
Volume: 23
Issue: 5
Language: en-US
Keywords: Assets valuation; Prioritization; Risk; Security requirements; Threats

Abstract: Once a set of security requirements is elicited, the requirements need to be prioritized. Due to constraints such as development risk, cost, time to market, and security risk avoidance, it can be difficult to implement all security requirements that have been elicited for a system. Also, security requirements are often implemented in stages, and prioritization can help to determine which ones should be implemented first. Usually requirements are prioritized based on stockholders' preference with regard to importance and ease of implementation. However, these approaches cannot be used efficiently when dealing with security requirements because there are additional elements that are unique to security requirements. This paper proposes Risk-based Security Requirements Prioritization (RiskSRP), a process that allows the prioritization of security requirements according to the Total Risk Impact (TI) of security threat(s). © 2017 American Scientific Publishers. All rights reserved.