Are there any defined approaches to identify security requirements of a system? [closed]

Are there any defined approaches that help you identify security requirements given that you have a specific description of a system design? After a little research, I found OWASP Application Security Verification Standard. I am sure that t…

How to use pre-existing threat catalogue to determine if a certain system is vulnerable?

There are many risk assessment guidelines such as NIST800-30 and ISO 27005 that provide a catalogue of known threats as reference. Using a qualitative approach, I selected one threat events catalogue and I tried to select the threats that are…