Quiz Entry - updated: 2026.06.20
Why is a risk-based approach to security requirements desirable?
It conserves resources by aiming security effort at the highest-risk areas — avoiding both under-investing (vulnerabilities) and over-investing (wasted effort on low-risk parts).
Benefits of Risk-Based Approach:
- Efficiency - Focus resources on highest-risk areas
- Prioritization - Address most critical threats first
- Justification - Provide business rationale for security investments
- Completeness - Systematic coverage of threats
The Security Requirements Process:
- Requirements - Identify NF/F requirements
- Diagraming - Document system architecture
- Threat Modelling - Identify potential threats
- STRIDE - Analyze threat categories
- DREAD - Rate and prioritize risks
- UCS/MUCS - Document functional and security requirements
Key Point: Without a risk-based approach, organizations either under-invest in security (leaving vulnerabilities) or over-invest (wasting resources on low-risk areas).