Adaptive Security and Privacy I have been working on a requirements-based methodology for engineering systems able to protect valuable assets from harm. In particular, I foster the idea to promote assets as first-class entities in engineering secure software systems. I extended a requirements model by explicitly representing assets and other security concerns, such as vulnerabilities, threats, attacks, security goals and controls. Requirements are used to track relevant changes that may arise at runtime, reason on the security risk, and enable, when necessary, a set of security controls to mitigate security threats. In this way, it is possible to engineer systems able to prevent potential attacks, by dynamically adjusting their security controls depending on the current risk of harm. I am also interested in the development of analysis techniques able to support users in their decision about disclosing their personal information. Topology Aware Adaptive Security This research builds on the idea that for adaptive security the topology of the system operational environment (e.g., structure of the physical and cyber space, network topology) can provide important contextual characteristics. These include the location of assets being protected or the proximity of potentially threatening agents that might harm them. Agents' actions, such as physical movements, connection to a wireless network, or allocation of a virtual machine may be viewed as topological changes. The detection of a possible undesired topological change may lead to the decision to deploy a particular security control to protect the relevant asset. Forensic-ready systems I am interested in eliciting, and modelling the requirements of forensic-ready systems, which are able to anticipate and support some of the activities of a digital investigation. The requirements of forensic ready systems relate some speculative hypotheses of an incident to the evidence that should be collected and analysed in the environment in which an incident may happen. At this stage of my research I am mainly focused on automatically generating specifications of forensic ready systems aimed to proactively preserve the evidence demonstrating that an incident has occurred. They allow configuring proactive activities necessary to preserve important - potentially ephemeral - evidence in advance, depending on the risk of a digital crime to take place.