Security Requirements
Refer to the Software Security Lifecycle presentation for the main phases and relevant processes.
This is largely achieved through a structured risk management process that involves:
- Identifying information and related assets, plus potential threats, vulnerabilities and impacts.
- Evaluating the risks.
- Deciding how to address or treat the risks, i.e. to avoid, mitigate, share or accept them.
- Where risk mitigation is required, selecting or designing appropriate security controls and implementing them.
- Monitoring the activities, making adjustments as necessary to address any issues, changes and improvement opportunities.
Phase | Microsoft SDL | McGraw Touchpoints | SAFECode |
---|---|---|---|
Education and awareness | | | |
Project inception | | | |
Analysis and requirements | | | |
Architectural and detailed design | | | |
Implementation and testing | | | |
Release, deployment, and support | | | |