Stakeholders who have a direct association with requirements such as users, developers, project sponsors, customers, security professionals, project managers and testers collaborate through a predefined security requirement process. However as a consequence of considering a range of different perspectives, there will inevitably conflict between different stakeholder views, and hence, a key part of security requirements is the resolution of such conflicts. The well-planned security requirement should ultimately streamline the acceptance process.

Some of the other challenges:

• The ambiguous requirement is commonly seen when formal security requirement is absence leading to ineffective control in managing interpretation of security requirements.
• Defining a good security requirement doesn’t only means an understanding of assets and their values, it is equally important to evaluate assets at different stages of their lifecycle; creation, processing, storing, archiving and deletion.
• Choosing the right security requirement, develop it on time within budget using available resources requires specialised skills. It’s cost-effective to acquire professional services and have it correctly developed.