During my discussion with Claudiu (whom I appreciate as a great expert in the area of secure development), we came up with some further thoughts on what drives security requirements. We also agreed that the currently posted categorization in the Security Requirements article (under Foundations->Definitions) is not orthogonal, meaning that a requirement can ambiguously belong to two categories. However, we believe that it is nevertheless valuable to understand what the potential sources for requirements are.
I hope the added illustration will help here.