Chapter 7 & 8 - Why is it important to incorporate security
Answer all questions with 2 sources.
1- Why is it important to incorporate security throughout the SDLC instead of just in one phase or another? Provide justification for your position.
2- How can limiting scope creep enhance the security of a software system?
3- Why should requirements gathering be prevented after the scope of the system is defined? What implications does this have for both development and security?
4- Should the scope of a software system ever be modified to accommodate security changes? Justify your position.
5- Why is it important to rank the importance of various stakeholders involved in system development? Justify your answer with examples.
1- Summarize in your own words why it is beneficial to create a vulnerability map for a planned software system. What are the risks when you do not consider the inherent system vulnerabilities in planning?
2- Why should a system always be constructed to fail safely? What are the minimum expectations for a general system to have failed safely?
3- Would there be risks associated with an attacker getting a copy of the complete business system specification? Justify your position and provide examples to support your argument.
4- What is the purpose of the complete business system specification? Why is it important from the perspective of security, development and the operations of the functions of the respective systems?
5- Why is it important to establish a ranking of vulnerabilities in a system? Use examples to show vulnerability priorities in action.