Which of the following statements are true about Security Requirements Traceability Matrix (SRTM)? Each correct answer represents a complete solution. Choose two.
A.
It consists of various security practices that are grouped under seven phases.
B.
It is a software development security assurance process proposed by Microsoft.
C.
It allows requirements and tests to be easily traced back to one another.
D.
It provides documentation and easy presentation of what is necessary for the security of a system.
Explanation:
Security Requirements Traceability Matrix (SRTM) is a grid that provides documentation and easy presentation of what is necessary for the security of a system. SRTM is essential in those technical projects that call for security to be incorporated. SRTM can be used for any type of project. It allows requirements and tests to be easily traced back to one another. SRTM ensures that there is accountability for all processes. It also ensures that all work is being completed.Answer options B and A are incorrect. The Security Development Lifecycle (SDL) is a software development security assurance process proposed by Microsoft. It reduces software maintenance costs and increases reliability of software concerning software security related bugs. The Security Development Lifecycle (SDL) includes the following seven phases:
1.Training2.Requirements
3.Design
4.Implementation
5.Verification
6.Release
7.Response