Which
of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security
Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases
Generation
A.
Design
B.
Maintenance
C.
Deployment
D.
Requirements Gathering
Explanation:
The various security controls in the SDLC design phase are as follows:
Misuse Case Modeling: It is important that the inverse of the misuse cases be modeled to
understand and address the security
aspects of the software. The requirements traceability matrix can be used to track the misuse cases
to the functionality of the software.
Security Design and Architecture Review: This control can be introduced when the teams are
engaged in the “functional” design and
architecture review of the software.
Threat and Risk Modeling: Threat modeling determines the attack surface of the software by
examining its functionality for trust
boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the
threats as they pertain to the users
organization’s business objectives, compliance and regulatory requirements and security exposures.Security Requirements and Test Cases Generation: All the above three security controls, i.e., Misuse
Case Modeling, Security Design
and Architecture Review, and Threat and Risk Modeling are used to produce the security
requirements.