Exam 5: Software Requirements: Hear What They Say, Know What They Mean, Protect What They Own

When requirements begin to creep in from all angles without any further analysis, this is called scope creep.

Descriptive words make the misuse more complicated and chaotic.

Why are developers concerned with application assets?

The honest, open-ended approach is too vague of an approach to begin the communication process.

There should be a dependent relationship between the developer and analyst that ensures that both individuals have done their jobs.

Misuse cases are similar to use cases only they are the opposite.

The needs statement provides the main mission or purpose of the application.

Why is it important to know your enemies in an attack?

Visualization is very powerful and it will certainly help your overall understanding of the requirements.

Only the project manager has the responsibility of identifying assets.

What do interaction diagrams do for requirements?

Knowing the enemy preconditions will help the management team determine if the cost of developing countermeasures overrides the risk of taking a chance.

What do preconditions define in a misuse case?

The relationship between use case documentation and its counterpart misuse case are independent of each other.

C.I.A. stands for confidentiality, integrity, and accountability.

What does 'meaningful requirements' mean?

Catching software requirements errors at the beginning of the development process is very costly.

The first step in devising a misuse case is putting a face to your enemy.

When listing attack types, don't let everyone on the team contribute options.

Who is responsible for helping in the identification of assets?