What are the common approaches followed for developing high-level and detailed requirements using SQUARE?
Approach 1 is to think about classes of requirements. For example, for access control, you would consider whether there are assets that need to be protected with access control and how you would go about implementing it. You could use a document such as OWASP’s Development Guide to get started. A list of candidate requirements areas can be found in the “Security Requirement Areas” section starting on page F-12 of Software Assurance in Acquisition: Mitigating Risks to the Enterprise.

Approach 2 is to use scenarios. If you have normal user scenarios and intruder scenarios, it is pretty easy to understand what the security requirements should be. You need to understand the architecture in order to use this approach, however.

In both approaches it should be relatively easy to think about what is needed to block the threat or intrusion or what is needed to protect the assets. You should do this informally and not worry about writing requirements, statements, or use cases initially. You migh