Security Objectives

From Guidance Share

Security objectives should be identified as early in the development process as possible, ideally in the requirements and analysis phase. Security objectives are critically important. If you do not know what the objectives are for your application, then it is difficult to be successful with any other security activity.

Security objectives are used to:

  • Filter the set of design guidelines that are applicable.
  • Guide threat modeling activities.
  • Determine the scope and guide the process of architecture and design reviews.
  • Help set code review objectives.
  • Guide security test planning and execution.
  • Guide deployment reviews.

In each activity, you can use the security objectives to help you focus on the highest value areas while avoiding issues that will not affect your application.
