LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

Why is a risk-based approach to security requirements desirable?

It conserves resources by aiming security effort at the highest-risk areas — avoiding both under-investing (vulnerabilities) and over-investing (wasted effort on low-risk parts).

Benefits of Risk-Based Approach:

  • Efficiency - Focus resources on highest-risk areas
  • Prioritization - Address most critical threats first
  • Justification - Provide business rationale for security investments
  • Completeness - Systematic coverage of threats

The Security Requirements Process:

  1. Requirements - Identify NF/F requirements
  2. Diagraming - Document system architecture
  3. Threat Modelling - Identify potential threats
  4. STRIDE - Analyze threat categories
  5. DREAD - Rate and prioritize risks
  6. UCS/MUCS - Document functional and security requirements

Key Point: Without a risk-based approach, organizations either under-invest in security (leaving vulnerabilities) or over-invest (wasting resources on low-risk areas).

From Quiz: SPRG / Repetition and Review | Updated: Jun 20, 2026