Getting Started
Getting Started on Security Analysis
status: valid
This document outlines the steps for performing, monitoring, and verifying Security Analysis. Security Analysis is used as an umbrella term for different methods. The concept of performing Security Analysis is described in Security Analysis Concept (doc_concept__security_analysis). The verification of the architecture is described in Architecture Process (doc_concept__arch_process).
Security Analysis Steps
The goal of the Security Analysis is to prove that the security requirements for functions and security controls are not violated and that they are complete, consistent and correct. The Security Analysis is performed in three steps.
1. Analyze the architecture with provided methods.
2. Monitor the Security Analyses and log any issues in the Issue Tracking system with the security label until the analysis is completed.
3. Verify the Security Analyses results by using Security Analysis Checklist... (gd_chklst__security_analysis).

The Security Analysis is completed when the verification is done, no issues are open and the status is “valid”.
The details of what needs to be done in each step are described in the Security Analysis Guideline (gd_guidl__security_analysis). Templates are used for the Security Analysis. The templates are described in the Security Analysis Threat Templates and Security Analysis Threat Scenario Templates.