A security architect is working on a new financial application development project. During the requirements analysis phase, which approach would be BEST to ensure that security requirements are properly identified and integrated into the system design?
Conducting stakeholder interviews and threat modeling workshops
Reviewing documentation from existing financial systems
Applying standard compliance checklists to the requirements
Deferring security requirements until the development phase
The correct answer is conducting stakeholder interviews and threat modeling workshops together. Requirements analysis in the system development lifecycle must establish a clear understanding of security needs from both business and technical perspectives. Stakeholder interviews help gather business requirements and organizational constraints, while threat modeling workshops help identify potential threats, vulnerabilities, and security controls needed. This combined approach ensures security requirements are comprehensive, addressing both business needs and technical security concerns.
Reviewing existing system documentation alone is insufficient as it doesn't address the unique requirements of the new system. Deferring security requirements to the development phase is too late in the lifecycle and creates costly rework. Relying exclusively on compliance checklists may miss context-specific threats and security needs unique to the application being developed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are stakeholder interviews and why are they important in security requirements analysis?
Open an interactive chat with Bash
What is threat modeling and how does it contribute to security in system design?
Open an interactive chat with Bash
What are some common pitfalls when analyzing security requirements for new systems?
Open an interactive chat with Bash
ISC2 CISSP
Security Architecture and Engineering
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access