answer all questions w/ 2 sources
Chapter 7
1- Why is it important to incorporate security throughout the SDLC instead of just in one phase or another? Provide justification for your position.
2- How can limiting scope creep enhance the security of a software system?
3- Why should requirements gathering be prevented after the scope of the system is defined? What implications does this have for both development and security?
4- Should the scope of a software system ever be modified to accommodate security changes? Justify your position.
5- Why is it important to rank the importance of various stakeholders involved in system development? Justify your answer with examples.
Chapter 8:
1- Summarize in your own words why it is beneficial to create a vulnerability map for a planned software system. What are the risks when you do not consider the inherent system vulnerabilities in planning?
2- Why should a system always be constructed to fail safely? What are the minimum expectations for a general system to have failed safely?
3- Would there be risks associated with an attacker getting a copy of the complete business system specification? Justify your position and provide examples to support your argument.
4- What is the purpose of the complete business system specification ? Why is it important from the perspective of security ?
, development and the operations of the functions of the respective systems.
5- Why is it important to establish a ranking of vulnerabilities in a system? Use examples to show vulnerability priorities in action.
