Security requirements
Security requirements can be left out or minimized, resulting in the necessity to do rework late in the project when they're discovered. While you don't want to encourage complex security, you do need to ask enough questions about who can do certain tasks and who can access which data to ensure that you capture what's required. It can also be helpful to differentiate a security requirement for data access from a need to filter and only show specific data. For example, a requirement stating that sales staff can only view their own accounts could be implemented as a data view or as a security model configuration. Having a clear requirement can ensure the proper implementation.
As you collect and evaluate requirements, consider the following tactics, which can help lead to a more successful project:
Focus on the requirements for having a clear desired outcome.
Consider the big picture, not only a single requirement.
Use scenarios or user stories to help explain the requirements.
Ask the same question in different ways to make sure that you get the same answer.
Try to avoid solving how you'll implement when you're collecting requirements.