1.1 - Create the Matrix

Goal

The objective is to systematically link each identified feature and its security considerations, ensuring that all potential security issues are thoroughly documented, accounted for, and tested. This helps ensure completeness in security testing and maintains traceability from requirements through to validation.

Develop a traceability matrix that maps each feature identified in the next phases to specific security risks and the corresponding tests planned to address these risks. This matrix acts as a master document to ensure that all security considerations are addressed and to track progress against security objectives.

How to Execute

  1. Identify Features and Associated Risks
    • Description: Begin by listing all features of the application along with any potential security risks identified during the threat modeling process.
    • Tools/Techniques:
      • Use documentation from next phases such as component mapping and critical assessments.
      • Engage with stakeholders to ensure comprehensive coverage of features and risks.
    • Output: A detailed list of application features alongside identified security risks, ensuring no critical element is overlooked.
  1. Define Security Requirements
    • Description: For each feature and its associated risk, define specific security requirements that aim to mitigate these risks. Note: this is for verified vulnerabilities only.
    • Tools/Techniques:
      • Refer to security best practices, compliance requirements, and industry standards to formulate these requirements such as ASVS.
    • Output: Documented security requirements for each feature, mapped against the risks identified, ensuring each risk is addressed with a targeted security measure.
  1. Map to Planned Tests
    • Description: Link each security requirement to specific tests that will verify whether the requirement has been adequately addressed.
    • Tools/Techniques:
      • Work closely with the quality assurance (QA) team to develop test plans that cover all security requirements.
      • Utilize test management tools to ensure traceability and manage test execution.
    • Output: A comprehensive mapping of security requirements to planned tests, ensuring all security aspects are verified.
  1. Create the Traceability Matrix
    • Description: Assemble all the collected information into a structured matrix format. This matrix will provide a visual and functional mapping of features to risks, requirements, and tests.
    • Tools/Techniques:
      • Use spreadsheet software or a specialized requirements management tool to create and maintain the matrix.
      • Ensure the matrix is accessible and understandable to all project stakeholders.
    • Output: The completed Requirements Traceability Matrix, serving as the master document for tracking the security testing lifecycle from feature specification through to test verification.

results matching ""

    No results matching ""