Towards an Architecture for Collaborative Cross-Organizational Security Requirements Management

Organizations increasingly adopt or consider adopting external services hoping for higher flexibility and reduced costs. However, currently existing deficiencies of processes and tools force service consumers to renounce from the expected advantages and to trade off profitability against security. These security and compliance concerns are predominately due to negligence or manual resolution of security policy and configuration dependencies, caused by distinct terminologies, languages and tools used at both the service provider and service customer. To overcome these kind of problems in the collaborative cross-organizational security management, we have developed CoSeRMaS, a collaborative and semi-automated tool to manage, define and validate inter-and cross-organizational security requirements. This paper introduces the CoSeRMaS prototype and gives an overview of the features that have been developed.