SQUARE (SECURITY QUALITY REQUIREMENTS ENGINEERING) - Coggle Diagram
Process model developed at
Carnegie Mellon University (Software Engineering Institute)
Provides a means for eliciting, categorizing and prioritizing security requirements
Focus of the model is to build security concepts into the early stages of the SDLC, before design and code exist
Who is involved?
Stakeholders of the project
Requirements engineer with security expertise
STEPS
AGREE
Agree on definitions, so that every stakeholder means the same thing by each security term
Exit Criteria - Documented set of definitions
Example - Non-repudiation, DoS (denial of service)
ASSETS
Identify assets and security goals
Exit Criteria - One business goal and the several security goals that support it
ARTIFACTS
Collect or create artifacts that will facilitate the generation of security requirements
Example - System architecture diagram, use and misuse cases, attack trees
RISK
Perform a risk assessment
Exit Criteria - Documentation of all threats, their likelihood and their classification
ELICIT
Select an elicitation technique
Select a technique appropriate to the number and expertise of the stakeholders and requirements engineers, and to the size of the project
ELICIT SECURITY REQUIREMENTS (HEART OF SQUARE)
Execute the elicitation technique. Concentrate on what the system must do, not how it will do it
Exit Criteria - Initial document of security requirements
CATEGORIZATION
Categorize requirements
Classify each requirement as essential or non-essential, and as a system-level requirement, a software-level requirement, or an architectural constraint
PRIORITIZATION
Use the risk assessment and the categorization results to prioritize the requirements
Prioritization Technique
TRIAGE
Triage is an area in which the decision makers must know what they are doing, why they are doing it, and what must be done to achieve the goals
Requirements are sorted into an Immediate category, an Urgent category and a Delayed category
AHP
AHP is a method for organizing and analyzing complex decisions using mathematics and psychology
It provides a rational framework for a needed decision by quantifying its criteria and alternative options through pairwise comparisons
ANALYTIC HIERARCHY PROCESS
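The following is an added worked example, not part of the original diagram or of the SQUARE method's own material, showing how AHP turns pairwise judgements between security requirements into a priority vector and how the consistency ratio flags judgements that contradict each other (for example, A preferred over B, B over C, but C over A). The requirement names, the judgement values and the helper names are constructed for illustration; the priority vector uses the row geometric mean method and the consistency check uses Saaty's random index table.

```python
"""AHP prioritisation of security requirements (added example).

Pure-Python Analytic Hierarchy Process: pairwise comparisons of
candidate security requirements are converted into a priority vector,
and the judgements are checked for consistency before the ranking is
trusted. Requirement names and judgement values below are constructed
for illustration only.
"""
import math
from typing import Dict, List, Tuple

# Saaty's random consistency index, indexed by the matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Constructed sample: three candidate security requirements.
REQUIREMENTS = ["admin-mfa", "audit-nonrepudiation", "dos-rate-limit"]

# Constructed judgements on Saaty's 1-9 scale: (preferred, other) -> how
# much more important "preferred" is. Only one direction per pair is given;
# the reciprocal is derived.
JUDGEMENTS = {
    ("admin-mfa", "audit-nonrepudiation"): 3,
    ("admin-mfa", "dos-rate-limit"): 5,
    ("audit-nonrepudiation", "dos-rate-limit"): 2,
}


def build_matrix(names: List[str], judgements: Dict[Tuple[str, str], float]) -> List[List[float]]:
    """Build the full reciprocal comparison matrix: a[i][i] = 1, a[j][i] = 1 / a[i][j]."""
    n = len(names)
    idx = {name: i for i, name in enumerate(names)}
    a = [[1.0] * n for _ in range(n)]
    for (preferred, other), value in judgements.items():
        if value <= 0:
            raise ValueError(f"judgement for {preferred}/{other} must be positive")
        i, j = idx[preferred], idx[other]
        a[i][j] = float(value)
        a[j][i] = 1.0 / float(value)
    # Every pair must be judged exactly once, in one direction or the other.
    for i in range(n):
        for j in range(i + 1, n):
            if (names[i], names[j]) not in judgements and (names[j], names[i]) not in judgements:
                raise ValueError(f"missing judgement between {names[i]} and {names[j]}")
    return a


def priority_vector(a: List[List[float]]) -> List[float]:
    """Row geometric mean method: normalised geometric mean of each row."""
    n = len(a)
    gm = [math.prod(row) ** (1.0 / n) for row in a]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(a: List[List[float]], w: List[float]) -> float:
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR > 0.1 means the
    judgements contradict each other and should be revisited."""
    n = len(a)
    if n <= 2:
        return 0.0
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def prioritize(names: List[str], judgements: Dict[Tuple[str, str], float]):
    """Return the requirements ranked by priority weight, plus the consistency ratio."""
    a = build_matrix(names, judgements)
    w = priority_vector(a)
    cr = consistency_ratio(a, w)
    ranked = sorted(zip(names, w), key=lambda t: t[1], reverse=True)
    return ranked, cr


if __name__ == "__main__":
    ranked, cr = prioritize(REQUIREMENTS, JUDGEMENTS)
    for name, weight in ranked:
        print(f"{name:24s} {weight:.3f}")
    print(f"consistency ratio = {cr:.3f} ({'ok' if cr <= 0.1 else 'revisit judgements'})")
    # A circular set of judgements (A > B, B > C, C > A) fails the check.
    _, bad_cr = prioritize(["A", "B", "C"], {("A", "B"): 3, ("B", "C"): 3, ("C", "A"): 5})
    print(f"circular judgements: consistency ratio = {bad_cr:.3f}")
```

The ranking is only meaningful when the consistency ratio is at or below 0.1; a higher value means the stakeholders' comparisons are not transitive and the elicitation session should revisit them rather than feed the weights into triage.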
INSPECT
Inspection aids in producing accurate and verifiable security requirements
Fagan inspection / peer reviews
Fagan inspection is a formal software inspection technique used to detect defects in software artifacts such as requirements documents, design specifications or code