Figure 4: Graphical View of MICMAC Analysis
Figure 4 depicts the MICMAC analysis findings. For the MICMAC analysis,
the RE security practice categories were grouped into four distinct
clusters. The first cluster comprises autonomous enablers, the second
cluster includes dependent enablers, and the third and fourth clusters
include independent enablers. The results show that the RE1 "Awareness
of SRE," RE3 "Requirements Elicitation of Security Requirements," and
RE4 "Analysis and Negotiations of Security Requirements" criteria are
considered driving variable categories and have, thus, been isolated
from the system. It is noted that RE2 "Methods and Tools" and RE5-RE11
have strong driving and dependency power and influence other enablers
owing to a strong relationship. This renders all the categories
interlinked with each other but not fully dependent on any one category.
We therefore need practices from various categories to meet security
requirements in the software development process in the GSD context.
Interestingly, no categories belong to the dependent or autonomous
clusters.