N. Mayer, ) Model-based management of information system security risk, Presses universitaires de Namur, 2012.

P. Giorgini, F. Massacci, and N. Zannone, Security and trust requirements engineering (eds) Foundations of security analysis and design III, pp.237-272, 2005.

L. Liu, E. Yu, and J. Mylopoulos, Analyzing security requirements as relationships among strategic actors, Proceedings of the 2nd symposium on requirements engineering for information security, 2002.

H. Mouratidis, Analysing security requirements of information systems using tropos, 2006.

A. Van-lamsweerde, Elaborating security requirements by construction of intentional anti-models, Proceedings. 26th International Conference on Software Engineering, pp.148-157, 2004.
DOI : 10.1109/ICSE.2004.1317437

G. Sindre and A. Opdahl, Eliciting security requirements with misuse cases, Requirements Engineering, vol.lies, issue.1, pp.34-44, 2005.
DOI : 10.1007/s00766-004-0194-4

D. Firesmith, Security Use Cases., The Journal of Object Technology, vol.2, issue.3, pp.53-64, 2003.
DOI : 10.5381/jot.2003.2.3.c6

D. Lodderstedt, J. Basin, and . Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, UML ) 2002?The Unified Modeling Language, pp.426-441, 2002.
DOI : 10.1007/3-540-45800-X_33

J. Jürjens, Using UMLsec and goal trees for secure systems development, Proceedings of the 2002 ACM symposium on Applied computing , SAC '02, pp.1026-1030, 2002.
DOI : 10.1145/508791.508990

D. Firesmith, Specifying Reusable Security Requirements., The Journal of Object Technology, vol.3, issue.1, pp.61-75, 2004.
DOI : 10.5381/jot.2004.3.1.c6

L. Hermoye, A. Van-lamsweerde, and D. Perry, A reusebased approach to security requirements engineering. (Online) http://users.ece.utexas, 2014.

J. Jensen, I. Tøndel, and P. Meland, Experimental threat model reuse with misuse case diagrams Information and communications security, pp.355-366, 2010.

D. Hatebur, M. Heisel, and H. Schmidt, A Pattern System for Security Requirements Engineering, The Second International Conference on Availability, Reliability and Security (ARES'07), pp.356-365, 2007.
DOI : 10.1109/ARES.2007.12

G. Heineman and W. Councill, Component-based software engineering: putting the pieces together (paperback), 2001.
DOI : 10.1007/b136248

W. Frakes and K. Kang, Software reuse research: status and future, IEEE Transactions on Software Engineering, vol.31, issue.7, pp.529-536, 2005.
DOI : 10.1109/TSE.2005.85

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

W. Lam, J. Mcdermid, and A. Vickers, Ten steps towards systematic requirements reuse, Requirements Engineering, vol.20, issue.3, pp.102-113, 1997.
DOI : 10.1007/BF02813029

S. Robertson and J. Robertson, Mastering the requirements process getting requirements right, 2013.

O. López, M. Laguna, and F. Peñalvo, Metamodeling for requirements reuse, pp.76-90, 2002.

P. Walton and N. Maiden, Integrated software reuse: management and techniques, 1993.

N. Mead and G. Mcgraw, A Portal for Software Security, IEEE Security and Privacy Magazine, vol.3, issue.4, pp.75-79, 2005.
DOI : 10.1109/MSP.2005.88

K. Petersen, R. Feldt, S. Mujtaba, and M. Mattsson, Systematic mapping studies in software engineering, 12th international conference on evaluation and assessment in software engineering, 2008.

B. Kitchenham and S. Charters, Guidelines for performing systematic literature reviews in software engineering, 2007.

D. Budgen, M. Turner, P. Brereton, and B. Kitchenham, Using mapping studies in software engineering, Proc PPIG, vol.8, pp.195-204, 2008.

B. Kitchenham, D. Budgen, and O. Brereton, Using mapping studies as the basis for further research ??? A participant-observer case study, Information and Software Technology, vol.53, issue.6, pp.638-651, 2011.
DOI : 10.1016/j.infsof.2010.12.011

R. Wieringa, N. Maiden, N. Mead, and R. C. , Requirements engineering paper classification and evaluation criteria: a proposal and a discussion, Requirements Engineering, vol.39, issue.4, pp.102-107, 2006.
DOI : 10.1007/s00766-005-0021-6

URL : https://hal.archives-ouvertes.fr/hal-00706337

E. ´. Dubois, P. Heymans, N. Mayer, and R. Matulevi?ius, A systematic approach to define the domain of information system security risk management Intentional perspectives on information systems engineering, pp.289-306, 2010.

B. Fabian, S. Gürses, M. Heisel, T. Santen, and H. Schmidt, A comparison of security requirements engineering methods, Requirements Engineering, vol.4, issue.2, pp.7-40, 2010.
DOI : 10.1007/s00766-009-0092-x

G. Elahi, H. Mouratidis, P. Giorgini, M. Schumacher, and M. Manson, Security requirements engineering: state of the art and practice and challenges. http://www.cs.utoronto.ca/ *gelahi/Depth 29 Security patterns for agent systems, Proceedings of the eight european conference on pattern languages of programs (Euro- PLoP), 2003.

A. Van-lamsweerde, Engineering requirements for system reliability and security Software system reliability and security, ser. NATO security through science series-D: information and communication security, pp.196-238, 2007.

L. Hermoye, A. Van-lamsweerde, and D. Perry, Attack patterns for security requirements engineering, 2006.

P. Bresciani, A. Perini, P. Giorgini, F. Giunchiglia, and J. Mylopoulos, Tropos: An Agent-Oriented Software Development Methodology, Autonomous Agents and Multi-Agent Systems, vol.8, issue.3, pp.203-236, 2004.
DOI : 10.1023/B:AGNT.0000018806.20944.ef

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Susi, A. Perini, J. Mylopoulos, and P. Giorgini, The tropos metamodel and its use, Informatica (Slovenia), vol.29, issue.4, pp.401-408, 2005.

H. Mouratidis and P. Giorgini, SECURE TROPOS: A SECURITY-ORIENTED EXTENSION OF THE TROPOS METHODOLOGY, International Journal of Software Engineering and Knowledge Engineering, vol.17, issue.02, pp.285-309, 2007.
DOI : 10.1142/S0218194007003240

H. Mouratidis, P. Giorgini, and G. Manson, Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, Proceedings of the 15th conference on advanced information systems engineering CAiSE, pp.63-78, 2003.
DOI : 10.1007/3-540-45017-3_7

M. Pavlidis, H. Mouratidis, C. Kalloniatis, S. Islam, and S. Gritzalis, Trustworthy selection of cloud providers based on security and privacy requirements: justifying trust assumptions (eds) Trust, privacy, and security in digital business, pp.185-198, 2013.

E. Paja, F. Dalpiaz, M. Poggianella, P. Roberti, and P. Giorgini, STS-Tool: using commitments to specify socio-technical security requirements Advances in conceptual modeling, pp.396-399, 2012.

H. Mouratidis, M. Weiss, and P. Giorgini, MODELING SECURE SYSTEMS USING AN AGENT-ORIENTED APPROACH AND SECURITY PATTERNS, International Journal of Software Engineering and Knowledge Engineering, vol.16, issue.03, pp.471-498, 2006.
DOI : 10.1142/S0218194006002823

C. Alexander, S. Ishikawa, and M. Silverstein, A pattern language: towns, buildings, construction, 1977.

P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, STtool: a CASE tool for security requirements engineering, Proceedings of 13th IEEE international conference on requirements engineering, pp.451-452, 2005.

T. Okubo, H. Kaiya, and N. Yoshioka, Effective Security Impact Analysis with Patterns for Software Enhancement, 2011 Sixth International Conference on Availability, Reliability and Security, pp.527-534, 2011.
DOI : 10.1109/ARES.2011.79

A. Souag and C. Salinesi, Comyn-Wattiau I (2012) Ontologies for security requirements: a literature survey and classification. In: Advanced information systems engineering workshops lecture notes in business information processing, pp.61-69

A. Antón and J. Earp, Strategies for developing policies and requirements for secure electronic commerce systems E-commerce security and privacy, In: Ghosh AK, pp.29-46, 2001.

Q. He and A. Anton, A framework for modeling privacy requirements in role engineering, international workshop on requirements engineering for software quality, pp.16-17, 2003.

A. Antón and J. Earp, A requirements taxonomy for reducing web site privacy vulnerabilities, Requir Eng, vol.9, issue.3, pp.169-185, 2004.

P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone, Requirements engineering for trust management: model, methodology, and reasoning, International Journal of Information Security, vol.9, issue.1, pp.257-274, 2006.
DOI : 10.1007/s10207-006-0005-7

URL : http://repository.tue.nl/650905

F. Massacci, M. Prest, and N. Zannone, Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation, Computer Standards & Interfaces, vol.27, issue.5, 2004.
DOI : 10.1016/j.csi.2005.01.003

F. Massacci and N. Zannone, Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank Social modeling for requirements engineering, 2008.

Y. Asnar, P. Giorgini, F. Massacci, and N. Zannone, From Trust to Dependability through Risk Analysis, The Second International Conference on Availability, Reliability and Security (ARES'07), pp.19-26, 2007.
DOI : 10.1109/ARES.2007.93

Y. Asnar, P. Giorgini, and J. Mylopoulos, Risk modelling and reasoning in goal models, 2006.

F. Massacci, J. Mylopoulos, and N. Zannone, An ontology for secure socio-technical systems. Handbook of ontologies for business interaction, 2007.

E. Ivankina, An approach to guide requirement elicitation by analysing the causes and consequences of threats, Inform Model Knowl. Bases XVI, vol.121, p.13, 2005.

C. Salinesi, E. Ivankina, and W. Angole, Using the RITA threats ontology to guide requirements elicitation: an empirical experiment in the banking sector In: Managing requirements knowledge, MARK'08. First International Workshop on, pp.11-15, 2008.

C. Rolland, C. Souveyet, and C. Benachour, Guiding goal modeling using scenarios, IEEE Transactions on Software Engineering, vol.24, issue.12, pp.1055-1071, 1998.
DOI : 10.1109/32.738339

URL : https://hal.archives-ouvertes.fr/hal-00673586

O. Daramola, G. Sindre, and T. Moser, Ontology-based support for security requirements specification process On the move to meaningful internet systems: OTM 2012 workshops, pp.194-206, 2012.

O. Daramola, G. Sindre, and T. Stalhane, Pattern-based security requirements specification using ontologies and boilerplates, 2012 Second IEEE International Workshop on Requirements Patterns (RePa), pp.2012-2012, 2012.
DOI : 10.1109/RePa.2012.6359973

S. Dritsas, L. Gymnopoulos, M. Karyda, T. Balopoulos, S. Kokolakis et al., A knowledge-based approach to security requirements for e-health applications, 2006.

J. Velasco, R. Valencia-garcia, J. Fernandez-breis, and A. Toval, Modelling reusable security requirements based on an ontology framework, J Res Pract Inf Technol, vol.41, issue.2, p.119, 2009.

. Pae-magerit-v, 3: Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información. (Online), p.17, 2013.

A. Toval, J. Nicolás, B. Moros, and O. García, Requirements Reuse for Improving Information Systems Security: A Practitioner???s Approach, Requirements Engineering, vol.6, issue.4, pp.205-219, 2001.
DOI : 10.1007/PL00010360

P. Salini and S. Kanmani, A Knowledge-oriented Approach to Security Requirements for an E-Voting System, International Journal of Computer Applications, vol.49, issue.11, pp.21-25, 2012.
DOI : 10.5120/7671-0953

A. Chikh, M. Abulaish, S. Nabi, K. Alghathbar, J. Park et al., An Ontology Based Information Security Requirements Engineering Framework, Secure and trust computing, pp.139-146, 2011.
DOI : 10.1017/S135132490400347X

S. Fenz and A. Ekelhart, Formalizing information security knowledge, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, pp.183-194, 2009.
DOI : 10.1145/1533057.1533084

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Zuccato, N. Daniels, and C. Jampathom, Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security, 2011 Sixth International Conference on Availability, Reliability and Security, pp.521-526, 2011.
DOI : 10.1109/ARES.2011.81

G. Sindre and A. Opdahl, Templates for misuse case description In: Proceedings of the 7th international workshop on requirements engineering, foundation for software quality, pp.4-5, 2001.

G. Sindre and A. Opdahl, Capturing security requirements through misuse cases, Norsk Informatikkonferanse, 2001.
DOI : 10.1007/s00766-004-0194-4

I. Alexander, Initial industrial experience of misuse cases in trade-off analysis, Proceedings IEEE Joint International Conference on Requirements Engineering, pp.61-68, 2002.
DOI : 10.1109/ICRE.2002.1048506

G. Sindre, D. Firesmith, and A. Opdahl, A reuse-based approach to determining security requirements, Proceedings of 9th international workshop on requirements engineering: foundation for software quality, pp.3-16, 2003.

L. Lin, B. Nuseibeh, D. Ince, M. Jackson, and J. Moffett, Introducing abuse frames for analysing security requirements, Journal of Lightwave Technology, pp.3-371, 2003.
DOI : 10.1109/ICRE.2003.1232791

L. Lin, B. Nuseibeh, D. Ince, M. Jackson, and J. Moffett, Analysing security threats and vulnerabilities using abuse frames, 2003.

L. Lin, B. Nuseibeh, D. Ince, and M. Jackson, Using abuse frames to bound the scope of security problems, 12th IEEE international requirements engineering conference, pp.354-355

M. Jackson, Problem frames: analysing and structuring software development problems, 2001.

M. Saeki and H. Kaiya, Security Requirements Elicitation Using Method Weaving and Common Criteria, pp.185-196, 2009.
DOI : 10.1007/11575801_34

H. Mouratidis, S. Islam, C. Kalloniatis, and S. Gritzalis, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, vol.86, issue.9, pp.2276-2293, 2013.
DOI : 10.1016/j.jss.2013.03.011

N. Mead and T. Stehney, Security quality requirements engineering (SQUARE) methodology, Proceedings of the 2005 workshop on Software engineering for secure system building trustworthy applications, pp.1-7, 2005.
DOI : 10.1145/1083200.1083214

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

N. Mead, V. Viswanathan, D. Padmanabhan, and A. Raveendran, Incorporating security quality requirements engineering (SQUARE) into standard life-cycle models, 2008.
DOI : 10.1145/1083200.1083214

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

N. Mead and E. Hough, Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education, 19th Conference on Software Engineering Education & Training (CSEET'06), pp.149-158, 2006.
DOI : 10.1109/CSEET.2006.30

K. Rannenberg, Recent development in information technology security evaluation-the need for evaluation criteria for multilateral security. In: Security and control of information technology in society, pp.113-128, 1993.

T. Christian, Security requirements reusability and the SQUARE methodology, No. CMU/SEI-2010-TN-027, 2010.

D. Mellado, E. Fernandez-medina, and M. Piattini, Security Requirements Variability for Software Product Lines, 2008 Third International Conference on Availability, Reliability and Security, pp.1413-1420, 2008.
DOI : 10.1109/ARES.2008.165

D. Mellado, E. Fernández-medina, and M. Piattini, Applying a security requirements engineering process Computer security?ESORICS, pp.192-206, 2006.

D. Mellado, E. Fernández-medina, and M. Piattini, A common criteria based security requirements engineering process for the development of secure information systems, Computer Standards & Interfaces, vol.29, issue.2, pp.244-253, 2007.
DOI : 10.1016/j.csi.2006.04.002

I. Jacobson, G. Booch, and J. Rumbaugh, The unified software development process, 1999.

E. Yu and L. Liu, Modelling trust for system design using the i* strategic actors framework (eds) Trust in cyber-societies, pp.175-194, 2001.

L. Liu, E. Yu, and J. Mylopoulos, Security and privacy requirements analysis within a social setting, Journal of Lightwave Technology, pp.151-161, 2003.
DOI : 10.1109/ICRE.2003.1232746

R. Araujo and S. Gupta, Design authorization systems using secureUML. In: Foundstone foundstone professional services, pp.2-16, 2005.

J. Jürjens and P. Shabalin, Automated Verification of UMLsec Models for Security Requirements, UML 2004?The Unified Modeling Language, pp.412-425, 2004.
DOI : 10.1007/978-3-540-30187-5_26

B. Best, J. Jurjens, and B. Nuseibeh, Model-Based Security Engineering of Distributed Information Systems Using UMLsec, 29th International Conference on Software Engineering (ICSE'07), pp.581-590, 2007.
DOI : 10.1109/ICSE.2007.55

S. Wenzel, D. Warzecha, and J. Jurjens, Approach for adaptive security monitor generation?secureChange, p.31, 2012.

H. Dahl, I. Hogganvik, and K. Stølen, Structured semantics for the CORAS security risk modeling language In: Preproceedings of the 2nd international workshop on interoperability solutions on trust, security, policies and QoS for enhanced enterprise systems (IS-TSPQ'07), pp.79-92, 2007.

M. Lund, B. Solhaug, and K. Stølen, The CORAS Tool, pp.339-346, 2011.
DOI : 10.1007/978-3-642-12323-8_18

F. Vraalsen, F. Den-braber, M. Lund, and K. Stølen, The CORAS Tool for Security Risk Analysis, pp.402-405, 2005.
DOI : 10.1007/11429760_30

I. Hogganvik and K. Stølen, A Graphical Approach to Risk Identification, Motivated by Empirical Investigations, Proceedings of the 9th international conference on model driven engineering languages and systems, pp.574-588, 2006.
DOI : 10.1007/11880240_40

S. Evans, D. Heinbuch, E. Kyle, J. Piorkowski, and J. Wallner, Risk-based systems security engineering: stopping attacks with intention, IEEE Security and Privacy Magazine, vol.2, issue.6, pp.59-62, 2004.
DOI : 10.1109/MSP.2004.109

D. Buckshaw, G. Parnell, W. Unkenholz, D. Parks, J. Wallner et al., Mission Oriented Risk and Design Analysis of Critical Information Systems, Military Operations Research, vol.10, issue.2, pp.19-38, 2005.
DOI : 10.5711/morj.10.2.19

A. Morali and R. Wieringa, Risk-based Confidentiality Requirements Specification for Outsourced IT Systems, 2010 18th IEEE International Requirements Engineering Conference, pp.199-208, 2010.
DOI : 10.1109/RE.2010.30

C. Haley, R. Laney, J. Moffett, and B. Nuseibeh, Security Requirements Engineering: A Framework for Representation and Analysis, IEEE Transactions on Software Engineering, vol.34, issue.1, pp.133-153, 2008.
DOI : 10.1109/TSE.2007.70754

C. Haley, J. Moffett, R. Laney, and B. Nuseibeh, A framework for security requirements engineering, Proceedings of the 2006 international workshop on Software engineering for secure systems , SESS '06, pp.35-42, 2006.
DOI : 10.1145/1137627.1137634

B. Nuseibeh, C. Haley, and C. Foster, Securing the Skies: In Requirements We Trust, Computer, vol.42, issue.9, pp.46-54
DOI : 10.1109/MC.2009.299

S. Gürses, B. Berendt, and T. Santen, Multilateral security requirements analysis for preserving privacy in ubiquitous environments, Proceedings of the UKDU workshop, pp.51-64, 2006.

S. Gürses and T. Santen, Contextualizing security goals: a method for multilateral security requirements elicitation, In: Sicherheit, vol.6, pp.42-53, 2006.

A. Souag, C. Salinesi, and R. Mazo, Comyn-Wattiau I (2015) A security ontology for security requirements elicitation, International symposium on engineering secure software and systems, 2015.

Y. Chernak, Requirements Reuse: The State of the Practice, 2012 IEEE International Conference on Software Science, Technology and Engineering, pp.2012-2012, 2012.
DOI : 10.1109/SWSTE.2012.12

N. Yoshioka, H. Washizaki, and K. Maruyama, A survey on security patterns, Progress in Informatics, vol.5, issue.5, pp.35-47, 2008.
DOI : 10.2201/NiiPi.2008.5.5

P. Devanbu and S. Stubblebine, Software engineering for security, Proceedings of the conference on The future of Software engineering , ICSE '00, pp.227-239, 2000.
DOI : 10.1145/336512.336559

D. Mellado, C. Blanco, L. Sánchez, and E. Fernández-medina, A systematic review of security requirements engineering, Computer Standards & Interfaces, vol.32, issue.4, pp.153-165, 2010.
DOI : 10.1016/j.csi.2010.01.006

P. Salini and S. Kanmani, Survey and analysis on Security Requirements Engineering, Computers & Electrical Engineering, vol.38, issue.6, pp.1785-1797, 2012.
DOI : 10.1016/j.compeleceng.2012.08.008

I. Tondel, M. Jaatun, and P. Meland, Security Requirements for the Rest of Us: A Survey, IEEE Software, vol.25, issue.1, pp.20-27, 2008.
DOI : 10.1109/MS.2008.19

G. Elahi, Security requirements engineering: state of the art and practice and challenges, 2009.

I. Iankoulova and M. Daneva, Cloud computing security requirements: A systematic review, 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), pp.1-7, 2012.
DOI : 10.1109/RCIS.2012.6240421

B. Richard, information systems security design methods: implications for information systems development, ACM Comput Surv (CSUR), vol.25, issue.4, pp.375-414, 1993.