Security is now the most critical feature of any, computing systems. Eliciting and analyzing security requirements, in the early stages of the system development process is highly, recommended to reduce security vulnerabilities which might be, found in the later stages of the system development process. In, order to address this issue, we will propose a new extension, of the misuse case diagram for analyzing and eliciting security, requirements with special focus on assets and security goals. We, will also present the process model in which business requirements, and system requirements related to security features are, separately analyzed and elicited in different phases. This process, model helps us to analyze the requirements related to business, goals in an earlier phase and to the system goals in a later phase, so that any concerns related to them are dealt with separately.We will illustrate our approach with a case study taken from an, accounting software package.