
Data Exfiltration Incident Analysis Results for the ICSE 2016 paper: Discovering “unknown known” security requirements



With the pace at which threats evolve in the security domain, eliciting complete security requirements is particularly challenging. Due to the diversity of exploits and tactics used in cyber attacks and the volume of data incidents, it is difficult to gauge the optimum number of incidents that must be analysed to cover the entire domain space, i.e. the patterns of attacks and related countermeasures required to produce a complete set of security requirements. We used a combination of Grounded Theory Method and Incident Fault Trees to analyse a number of data breach incidents with the purpose of identifying security requirements.
The analysis results for these incidents are listed below.
Data Exfiltration Incidents
Incident 1: The Nitro Attacks
Incident 2: Payment Card Data Theft by POS Memory Scraper Malware (Dexter, BlackPOS)
Incident 3: Track2 Data Theft at TJMaxx, and at Heartland Payment Systems
Incident 4: Operation Aurora, LulzSec's Sony PlayStation attack
Incident 5: The RSA Security Hack via Zero Day Flash Bug
Incident 6: Camp and Fowler Data Breach at University of Central Missouri
Incident 7: The iPad and AT&T attack
Incident 8: Anonymous Hacking - Indictment of Aaron Barr et al.
Incident 9: The Matt Honan 'Epic' Attack
Incident 10: APT Attack using vectors such as DropBox and WordPress

All data files are available from the linked Google Sites page (https://sites.google.com/site/lancsdataexfiltration/home). Data files are licensed CC-BY.
Date made available: 2016
Publisher: Lancaster University
