Technological advancement makes the world a global village. The immense use of software systems has modernized human society in every aspect. Thus, the security parameter is an important element that needs to be considered while developing software systems. Considering the significance of software security, it is important to consider the security practices from the early phase of the software development life cycle (SDLC), i.e., requirements engineering (RE). Hence, this study aims to identify and categorize RE practices important to apply for secure software development (SSD) in a geographically distributed development environment. To study the RE practices concerning SSD, we conducted a questionnaire survey with industrial experts in the global software development (GSD) context. Furthermore, the interpretive structure modeling (ISM) approach was applied to evaluate the relationship between the RE security practice core categories. This paper identifies 70 practices and classifies them into 11 fundamental dimensions (categories) to assist GSD organizations in specifying the requirements for SSD. The ISM results show the “Awareness of Secure Requirement Engineering (SRE)” category has the most decisive influence on the other ten core categories of the identified RE security practices. With the help of empirical evidence and the ISM approach, this work attempts to identify potential security practices and to give a set of secure RE practices that can be used to improve the security of the software development process.