Security Requirements Engineering: Designing Secure Socio-Technical Systems

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Systems".

Deadline for manuscript submissions: closed (15 August 2019) | Viewed by 4655

Special Issue Editor

Department of Computer Science, IT University of Copenhagen, København, Denmark
Interests: security requirements engineering; threat modeling; model-driven development

Special Issue Information

Dear Colleagues,

Security is no longer a nice-to-have feature over existing systems, and organizations worldwide are investing more and more in security in order to safeguard intellectual property, financial information, and a company’s reputation. As such, information security is a crucial part of business strategy, which cannot be considered after the fact but in the very early development phases, in order to avoid conflicts with the existing system (which is already running) or expensive fixes.

A system might be secure from a technical point of view, because of a series of mechanisms that have been put in place, such as firewalls, secure password protection, or message encryption. However, this does not ensure that the business practice complies with security requirements, or that the said mechanisms do not conflict with the business policy. Statistics on security incidents show how security is affected by social and organizational aspects, which need to be considered on top of technical mechanisms. This opens up new challenges for analysts, who now have to study the bigger picture, which includes not only the software under design, but also the humans operating and interacting with it and the involved organizations. Analyzing this bigger picture means designing secure socio-technical systems rather than just technical software systems.

Despite much attention from the research community, research efforts on the design of socio-technical systems are still in their infancy, while socio-technical systems have been a reality for quite some time. Their societal relevance is demonstrated by many examples, such as healthcare systems, e-commerce, air traffic management control, smart cities, smart homes, and the like.

This Special Issue invites submissions of high-quality original technical content papers, empirical evaluation of existing methods, and industrial experience papers on real applications or survey papers that shed further light on the trends and current status of work in security requirements engineering.

Dr. Elda Paja
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Security requirements
  • Information security
  • Socio-technical systems
  • Requirements engineering
  • Modeling languages
  • Security
  • Security threats
  • Privacy
  • Risk analysis
  • Compliance
  • Automated analysis
  • Enforcement of security requirements

Published Papers (1 paper)


Research

27 pages, 812 KiB  
Article
Preserving Digital Privacy in e-Participation Environments: Towards GDPR Compliance
by Vasiliki Diamantopoulou, Aggeliki Androutsopoulou, Stefanos Gritzalis and Yannis Charalabidis
Information 2020, 11(2), 117; https://0-doi-org.brum.beds.ac.uk/10.3390/info11020117 - 20 Feb 2020
Cited by 4 | Viewed by 4163
Abstract
The application of the General Data Protection Regulation (GDPR) 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are being used for the processing of personal data. An unexplored area where systems are being used to collect and process personal data is the e-Participation environment. The latest generations of such environments refer to sociotechnical systems based on the exploitation of the increasing use of Social Media, by using them as valuable tools, able to provide answers and decision support in public policy formulation. This work explores the privacy requirements that GDPR imposes in such environments, contributing to the identification of challenges that e-Participation approaches have to deal with, with regard to privacy protection.