LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is a Mitigation Use Case and how does it relate to Misuse Cases?

A Mitigation Use Case is the defence you add to neutralise a Misuse Case — drawn as a use case with a "mitigates" arrow pointing at the MUC it cancels.

It closes the loop: the MUC says how you can be attacked, the Mitigation Case says what you do about it. Crucially, one mitigation can answer several MUCs at once — which is why modelling it as its own visible use case (rather than burying it in prose) pays off:

Example — Input Validation as mitigation:

[Input Validation] ---mitigates---> [Injection Attack]
[Input Validation] ---mitigates---> [Overflow Attack]

Implementation options:

  1. Describe mitigation as part of the misuse case description
  2. Create a separate mitigation use case (better - more visible)

Visual: Mitigation cases are typically shown with a special border (e.g., red outline) to distinguish them from regular use cases.

Key point: One mitigation can address multiple misuse cases (e.g., input validation mitigates both injection and overflow attacks).

From Quiz: SPRG / Security Review | Updated: Jun 20, 2026