Security Requirement:

This is one of the earliest phases of the software development lifecycle. It ensures that security specifications are part of the requirements process. Defining them here reduces the cost of adding security features, because it avoids the rework of adding them in later phases of the lifecycle.

First, the security features are designed and documented in the Software Requirements Specification (SRS). Then these features are used in all the subsequent phases of the SSDLC, such as design, development and testing, to check for compliance with all the security requirements that are mentioned.

There are two types of security requirements:

  • Functional Requirements: These are the secure functions that the software must perform. The output is checked and evaluated for specific inputs, and the result is analysed. These could be technical details, data manipulation, calculations, etc. The functional requirements are further supported by non-functional requirements, which check for the constraints in the design and implementation of the software.
  • Non-Functional Requirements: These refer to the security-related features that the software requires from the environment it will be working in. They specify characteristics such as cost and performance, highlighting features such as constraints, non-functional behaviour and quality factors. They are more related to the technical architecture. The qualities in non-functional requirements can be further classified as:
      • Execution Qualities: usability and security at run time
      • Evolution Qualities: testability, maintainability and extensibility

Important features:

● The project is reviewed and the security features are identified and specified based on the functionality.

● Their compliance is checked and additional requirements are identified.

● The requirements identified should be reasonable, specific and measurable.