Abstract
It is really important to grasp and realize needs of customers in the system development. However, lack of requirements analysis in upper process often gives a crucial influence to the system development. For security requirements, even if extraction of menaces was completely carried out, insufficient countermeasures do not satisfy the quality that customers expect. Customers expect that systems and products satisfy the necessary conditions and guarantees not to fall into any dangerous situations. We show the description of countermeasures and procedures which clarify scope of assurance against risk, and which obtain an agreement on the assurance level with the customer. We propose a method using Assurance Case (ISO/IEC15026) against requirement risk in the project management.