Validating cyber security requirements a case study