1 / 21
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
What are the main topics covered in Security Requirements Engineering and how do they relate to each other?
Answer
Seven building blocks that flow into each other: Requirements → Diagraming → SDLC → Threat Modelling → STRIDE → DREAD → Use/Misuse Cases — a pipeline from "what to build" to "what could go wrong and how badly."
Topic Overview:
| Topic | Purpose |
|---|---|
| Requirements | Define what the system should do (Functional/Non-Functional) |
| Diagraming | Document requirements in a universally understandable way |
| SDLC | Framework for secure software development lifecycle |
| Threat Modelling | Record and analyze threats using tools |
| STRIDE | Identify and enumerate threats |
| DREAD | Rate and prioritize risks |
| UCS/MUCS | Document desired behavior and security threats |
Key Insight: A comprehensive, risk-based approach is very targeted and desirable because it conserves resources.
or press any other key
Note saved — thanks!