Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation?
Suggested Answer:D🗳️
The various security controls in the SDLC design phase are as follows: Misuse Case Modeling: It is important that the inverse of the misuse cases be modeled to understand and address the security aspects of the software. The requirements traceability matrix can be used to track the misuse cases to the functionality of the software. Security Design and Architecture Review: This control can be introduced when the teams are engaged in the "functional" design and architecture review of the software. Threat and Risk Modeling: Threat modeling determines the attack surface of the software by examining its functionality for trust boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the threats as they pertain to the users organization's business objectives, compliance and regulatory requirements and security exposures. Security Requirements and Test Cases Generation: All the above three security controls, i.e., Misuse Case Modeling, Security Design and Architecture Review, and Threat and Risk Modeling are used to produce the security requirements.
The given security controls - Misuse Case Modeling, Security Design and Architecture Review, Threat and Risk Modeling, Security Requirements and Test Cases Generation – are part of the "Design" phase of the SDLC (Software Development Life Cycle), so the answer is D.
While planning and requirements gathering are important phases in the SDLC, their focus is mainly on defining the project scope, developing a mitigation plan for potential risks, identifying stakeholders' requirements, and establishing priorities. Threat modeling techniques such as Misuse Case Modeling or Risk & threat assessments often require more insights into design or system architecture to effectively identify vulnerabilities in intended scenarios.
In contrast with Planning and Requirements Gathering stages that primarily deal with business reasoning behind development, Design is where actual architectural solutions of Applications fall into place while building up comprehensive security controls around it. Thus the Security Design process flows from early Development Phases but separate enough to understand detailed critical aspects of a systems Architecture driven largely by its Functionalities.
The SDLC is a framework used to guide the development of software applications. Its different phases include planning, requirements gathering, design, implementation, and maintenance. The security controls provided in this question - Misuse Case Modeling, Security Design and Architecture Review, Threat and Risk Modeling, Security Requirements and Test Cases Generation – belong to the "Design" phase.
During this stage of development, system designers use threat modeling techniques such as misuse case modeling and threat and risk modeling to identify potential vulnerabilities within their designs before writing any code. Additionally designing secure architectures are also taken into considerations along with generating security requirements that can be tested before proceeding further.
Overall these practices ensure that all required security features will be included in the final product. Thus it becomes important for developers or those responsible for application security to understand how these controls fit into each SDLC phase while developing robust applications.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
74gjd_37
5 months, 2 weeks ago74gjd_37
5 months, 2 weeks ago74gjd_37
5 months, 2 weeks ago