CISSP · Question #471
Which of the following practices provides the development of security and identification of threats in designing software?
The correct answer is D. Threat modeling. Threat modeling is a practice that provides the development of security and identification of threats in designing software. Threat modeling is a systematic process of identifying, analyzing, and mitigating the potential threats and vulnerabilities that could affect a software sy
Question
Which of the following practices provides the development of security and identification of threats in designing software?
Options
- AStakeholder review
- BRequirements review
- CPenetration testing
- DThreat modeling
How the community answered
(53 responses)- A2% (1)
- B2% (1)
- C6% (3)
- D91% (48)
Explanation
Threat modeling is a practice that provides the development of security and identification of threats in designing software. Threat modeling is a systematic process of identifying, analyzing, and mitigating the potential threats and vulnerabilities that could affect a software system. Threat modeling helps to design secure software by applying security principles, such as defense in depth, least privilege, and fail-safe defaults, throughout the software development life cycle. Stakeholder review, requirements review, and penetration testing are not practices that provide the development of security and identification of threats in designing software, although they may contribute to the overall security assurance of the software. Stakeholder review is a process of obtaining feedback and approval from the stakeholders of a software project, such as customers, users, managers, and developers. Requirements review is a process of verifying and validating the functional and non- functional requirements of a software system, such as performance, usability, reliability, and security. Penetration testing is a process of simulating real-world attacks on a software system to identify and exploit its vulnerabilities and weaknesses.
Topics
Community Discussion
No community discussion yet for this question.