Security　has　been　a　growing　concern　for　large　organizations,　especially　financial　and　governmental　institutions,　as　security　breaches　in　the　systems　they　depend　on　have　repeatedly　resulted　in　billions　of　dollars　in　losses　per　year,　and　this　cost　is　on　the　rise.　A　primary　reason　for　these　breaches　is　that　the　systems　in　question　are　socio-technical-　A　mix　of　people,　processes,　technology　and　infrastructure.　However,　such　systems　are　designed　in　a　piecemeal　rather　than　a　holistic　fashion,　leaving　parts　of　the　system　vulnerable.　To　tackle　this　problem,　a　three-realm　security　requirements　framework　was　proposed　to　holistically　analyse　security　requirements　in　different　conceptual　realms,　including　social　realm　(business　processes,　social　actors),　a　software　realm　(software　applications　that　support　the　social　realm)　and　an　infrastructure　realm　(physical　and　technological　infrastructure).　In　this　paper　we　evaluate　this　security　requirements　analysis　framework.　The　evaluation　was　performed　by　two　graduate　students　using　a　large　scale　case　study　on　a　medical　emergency　response　system.　©　2017　IEEE.