The software security depends largely on how the system was designed, developed and deployed, so at this time it is necessary to take into account the security requirements already at the stage of requirements development and software design. There are some different approaches to security requirements engineering, each of them has its advantages and disadvantages. During the speech, methods of security requirements engineering, identifying parties, identifying and assessing the risks of software assets, tracking implementation of requirements, etc. will be considered.

1. Security Requirements Engineering
Oleksii Baranovskyi, Ph.D.
CEH, CHFI, CVA, ECIH

2. Security Requirements describe
functional and non-functional
requirements that need to be
satisfied in order to achieve the
security attributes of an system.
SR
Security Requirements

3. Security Requirement Engineering

4. Types of Security Requirements
Immunity
Requirements
Integrity
Requirements
Intrusion Detection
Requirements
Nonrepudiation
Requirements
Privacy
Requirements
Security Auditing
Requirements
Identification
Requirements
Authentication
Requirements
Authorization
Requirements
Survivability
Requirements
Physical Protection
Requirements
System Maintenance
Security
Requirements

5. Types of Security Requirements
Secure Functional
Requirements
Functional Security
Requirements
Secure
Development
Requirements
Non-Functional
Security
Requirements

7. Software Requirement Management Methods
SQUARE
Security Quality Requirements Engineering
SREP
The Security Requirements Engineering
Process
CLASP
The Comprehensive, Lightweight Application
Security Process
Security patterns
Moffat
Core security requirements artifacts
Tropos

8. Agree on
definitions
SQUARE
Identify
security
goals
Develop
Artifacts
Perform risk
assessment
Select
elicitation
techniques
Elicit security
requirements
Categorize &
Prioritize
requirements
Requirement
s inspection
Team

9. Agree on
definitions
SQUARE
Identify
security
goals
Develop
Artifacts
Perform risk
assessment
Select
elicitation
techniques
Elicit security
requirements
Categorize &
Prioritize
requirements
Requirement
s inspection
Team
Step - Input - Techniques – Participants - Output

10. Software Development Models
Waterfall Agile Iterative Incremental PrototypeSpiral

11. Security Ambassador VS Application Security Team

12. Questions?See you next time, have nice day!
Подписывайтесь, ставьте лайк, максимальный репост!