
This is an old revision of the document!


An experiment on the effect of using a catalog of security requirements on elicitation effectiveness

Research Questions and Hypotheses Formulation

The main research questions of the experiment are the following:

* RQ1: Does the use of a catalog of security requirements lead to the identification of more security requirements?

* RQ2: Is participants' perception of using a catalog of security requirements in security requirements elicitation better than not using it?

RQ1 concerns the effectiveness of security requirements elicitation. To answer the research question, we will measure effectiveness by counting the number of security requirements identified by the participants. The data analysis for RQ1 will be done using the Mann-Whitney test. Only security requirements specific to the scenario analyzed by the participants will be considered for statistical analysis.

RQ2 is related to the participants' perception of using the catalog of security requirements in eliciting security requirements. Participants' perception will be measured through a post-task questionnaire inspired by the Technology Acceptance Model (TAM). The data analysis for RQ2 will be done using the Mann-Whitney test.

The null hypotheses coming from the research questions are the following:

H1_0: There will be no difference between the number of security requirements found with a catalog of security requirements and the number found without one.

H2_0: There will be no difference in the participants' perception of eliciting security requirements with a catalog of security requirements and without one.

Experimental Design

Participants in our experiment should have a background in security and at least two years of experience in security requirements elicitation. A between-subject design will be used in which the participants are randomly assigned to two groups, denoted G1 and G2. The participants in G1 will identify security requirements for an advanced metering infrastructure scenario with the use of a catalog of security requirements. The participants in G2 will identify security requirements for the same scenario but without the support of the catalog. The scenario focuses on a private household where a smart meter is installed, which records the consumption of electric energy and communicates this information daily back to the utility for monitoring and billing purposes.

Experimental Procedure

experiment_description.1389212116.txt.gz · Last modified: 2021/01/29 10:58 (external edit)