Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design…?

Which of the following SDLC phases consists of the given security controls: Misuse Case
Modeling Security Design and Architecture Review Threat and Risk Modeling Security
Requirements and Test Cases Generation?

Which of the following SDLC phases consists of the given security controls: Misuse Case
Modeling Security Design and Architecture Review Threat and Risk Modeling Security
Requirements and Test Cases Generation?

A.
Deployment

B.
Requirements Gathering

C.
Maintenance

D.
Design

Explanation:
The various security controls in the SDLC design phase are as follows:
Misuse Case Modeling: It is important that the inverse of the misuse cases be modeled to
understand and address the security aspects of the software. The requirements traceability matrix
can be used to track the misuse cases to the functionality of the software. Security Design and
Architecture Review: This control can be introduced when the teams are engaged in the
“functional” design and architecture review of the software. Threat and Risk Modeling: Threat
modeling determines the attack surface of the software by examining its functionality for trust
boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the

threats as they pertain to the users organization’s business objectives, compliance and regulatory
requirements and security exposures. Security Requirements and Test Cases Generation: All the
above three security controls, i.e., Misuse Case Modeling, Security Design and Architecture
Review, and Threat and Risk Modeling are used to produce the security requirements.

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *