Purpose
The purpose of this study is the analysis of a security and privacy requirements engineering methodology. Such methodologies are considered an important part of systems’ development process when they contain and process a large amount of critical information, and thus need to remain secure and ensure privacy.
Design/methodology/approach
These methodologies provide techniques, methods and norms for tackling security and privacy issues in information systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, as the produced models are used not only among IT experts or among security specialists but also for communication among various stakeholders, in business environments or among novices in an academic environment.
Findings
The qualitative analysis revealed a partial satisfaction of these principles.
Originality/value
This paper evaluates the effectiveness of a security and privacy requirements engineering methodology, namely, Secure Tropos, on the nine principles of the theory of notation.