Which of the following SDLC phases consists of the given security controls?
Misuse Case Modeling
Security Design and Architecture Review
Threat and Risk Modeling
Security Requirements and Test Cases Generation
A. Design
B. Maintenance
C. Deployment
D. Requirements Gathering
Explanation:
The various security controls in the SDLC design phase are as follows.
Misuse Case Modeling. It is important that the inverse of the misuse cases be modeled to
understand and address the security aspects of the software. The requirements traceability matrix
can be used to track the misuse cases to the functionality of the software.
Security Design and Architecture Review. This control can be introduced when the teams are
engaged in the “functional” design and architecture review of the software.
Threat and Risk Modeling. Threat modeling determines the attack surface of the software by
examining its functionality for trust boundaries, data flow, entry points, and exit points. Risk
modeling is performed by ranking the threats as they pertain to the user organization’s business
objectives, compliance and regulatory requirements, and security exposures.
Security Requirements and Test Cases Generation. All three of the above security controls, i.e., Misuse
Case Modeling, Security Design and Architecture Review, and Threat and Risk Modeling, are used to
produce the security requirements.