From the course: CSSLP Cert Prep: 2 Secure Software Requirements

Software requirement specifications

- [Instructor] As you identify more and more application security requirements, you'll quickly realize that everyone involved will benefit if you can somehow organize those requirements. Fortunately, ISC squared has done some pretty impressive legwork for you, providing a framework that you can use when documenting the security requirements for your apps. ISC squared considers there to be four types of application security requirements: core, general, operational and other. Each security control that you determined to be relevant for the apps that you're protecting is likely to fall in one of these categories. It seems like we keep coming back to the CIA triad, doesn't it? There's a reason for that. It's because it works. Confidentiality, integrity and availability controls make up half of the core application security requirements. The other half of the core requirements fall into one of these three buckets,…