Figure 4: Graphical View of MICMAC Analysis
Figure 4 depicts the MICMAC analysis findings. The RE security practices were grouped into four distinct clusters for the MICMAC analysis. A clustering of RE security practices categories is shown in Figure 4. The first cluster comprises (autonomous enablers), the second cluster includes (dependent enablers), and the third and fourth clusters include (independent enablers). The results show that the RE1 ”Awareness of SRE,” RE3 ”Requirements Elicitation of Security Requirements,” and RE4”Analysis and Negotiations of Security Requirements” criteria are considered driving variable categories and have, thus, been isolated from the system. It is noted that RE2 ”Methods and Tools,” RE5-RE11, have strong driving and dependency power and influence other enablers owing to a strong relationship. This renders all the categories interlinked with each other but not fully dependent on any category. Thereby, we need practices from various categories to meet security requirements in the software development process (GSD context). Interestingly, no categories belong to a dependent cluster or autonomous clusters.