Here are three types of information security requirements:<\/p>\n
Functional requirements<\/strong>\u00a0describe what a system has to do. So functional security requirements describe functional behavior that enforces security. Functional requirements can be directly tested and observed. Requirements related to access control, data integrity, authentication, and wrong password lockouts fall under functional requirements.<\/p>\n Nonfunctional requirements<\/strong>\u00a0describe what a system has to be. These are statements that support auditability and uptime. Nonfunctional security requirements are statements such as \u201cAudit logs shall be verbose enough to support forensics.\u201d Supporting auditability is not a direct functionality requirement, but it supports auditability requirements from regulations that might apply.<\/p>\n Derived requirements<\/strong>\u00a0are inspired by the functional and nonfunctional requirements. For example, if a system has a user ID and PIN functional requirement, a derived requirement might define the number of allowable incorrect PIN guesses before an account is locked out. For audit logs, a derived requirement might support the integrity of the logs, such as log injection prevention.<\/p>\n -Prince\u00a0<\/p>\n ref-https:\/\/www.synopsys.com\/blogs\/software-security\/software-security-requirements\/<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Here are three types of information security requirements: Functional requirements\u00a0describe what a system has to do. So functional security requirements describe functional behavior that enforces security. Functional requirements can be directly tested and observed. Requirements related to access control, data integrity, authentication, and wrong password lockouts fall under functional requirements. Nonfunctional requirements\u00a0describe what a system […]<\/p>\n","protected":false},"author":12990,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[663943],"tags":[],"class_list":{"0":"post-630","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-instructor","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/posts\/630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/users\/12990"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/comments?post=630"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/posts\/630\/revisions"}],"predecessor-version":[{"id":631,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/posts\/630\/revisions\/631"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/media?parent=630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/categories?post=630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5203sec001spring2021\/wp-json\/wp\/v2\/tags?post=630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}