Without proper definition of security requirements, systems fail. Which of the following can be used to capture detailed security requirements?

A.
Threat modeling

B.
Data classification

C.
Risk assessments

D.
All of the above

Explanation:
D: Threat modeling can be used to determine the threats to your system or software, which can be used to generate detailed countermeasure requirements. Data classification can be used to determine appropriate levels of protection for the data that is transmitted or stored and this can be used to determine confidentiality, integrity or availability requirements. Determining residual and acceptable risk thresholds can be used to generate security requirements as well. Page 677.