LOGBOOK

HELP

1 / 21
Other keys: showSpace: good1-4: rate0: skip5: flag6: invert

Question

What are the main topics covered in Security Requirements Engineering and how do they relate to each other?

Answer

Seven building blocks that flow into each other: Requirements → Diagraming → SDLC → Threat Modelling → STRIDE → DREAD → Use/Misuse Cases — a pipeline from "what to build" to "what could go wrong and how badly."

Topic Overview:

Topic Purpose
Requirements Define what the system should do (Functional/Non-Functional)
Diagraming Document requirements in a universally understandable way
SDLC Framework for secure software development lifecycle
Threat Modelling Record and analyze threats using tools
STRIDE Identify and enumerate threats
DREAD Rate and prioritize risks
UCS/MUCS Document desired behavior and security threats

Key Insight: A comprehensive, risk-based approach is very targeted and desirable because it conserves resources.

or press any other key