Fraunhofer-Gesellschaft
2010
  • Report

Title

Practical experience gained from modeling security goals. Using SGITs in an industrial project

Abstract
Security inspections, especially in the early development stage, are becoming increasingly important for bringing security-relevant aspects into software systems. Nowadays, such inspections often do not focus in detail on security. The well-known and approved benefits of inspections do not exploit their full potential regarding security. Thus, we have developed the Security Goal Indicator Tree (SGIT) for eliminating existing shortcomings. SGITs are a new approach for modeling and checking security-relevant aspects during the entire software development lifecycle. This article describes the modeling of such security-goal-based trees as part of requirements engineering. Initial experience was gathered from creating SGITs in an industrial environment. After the probands of our industry partner received training on existing security models, the necessary knowledge for creating security models was collected and applied. This resulted in three context-specific SGITs discussed in this article.
Author(s)
Jung, Christian
Elberzhager, Frank
Bagnato, Alessandra
Raiteri, Fabio
Place of publication
Kaiserslautern
Language
English
IESE
Tags
  • inspection

  • practical experience

  • software security

  • software inspection

  • security
