Which of the following security practices are included in the Requirements phase?

The Security Development Lifecycle (SDL) consists of various security practices that are grouped under seven phases. Which of the following security practices are included in the Requirements phase?

Each correct answer represents a complete solution. Choose all that apply.

The Security Development Lifecycle (SDL) consists of various security practices that are grouped under seven phases. Which of the following security practices are included in the Requirements phase?

Each correct answer represents a complete solution. Choose all that apply.

A.
Incident Response Plan

B.
Create Quality Gates/Bug Bars

C.
Attack Surface Analysis/Reduction

D.
Security and Privacy Risk Assessment

Explanation:
The Requirements phase of the Security Development Lifecycle (SDL) includes the following security practices:
Security and Privacy Requirements
Create Quality Gates/Bug Bars
Security and Privacy Risk Assessment

Answer option C is incorrect. Attack Surface Analysis/Reduction is a security practice included in the Design phase of the Security Development Lifecycle (SDL).

Answer option A is incorrect. Incident Response Plan is a security practice included in the Release phase of the Security Development Lifecycle (SDL).



Leave a Reply 0

Your email address will not be published. Required fields are marked *