"Security Requirements Engineering" – Secure software in digital product development

Course No. DPS-01E SRE

To protect digital products from cyber attacks, you need to know who the attackers are, how they operate and what their goals are. For this purpose, a complete threat modeling is carried out systematically and methodically with the aim of reducing or even eliminating the effects of the identified threats.

In our two day workshop you will learn the theoretical basics of threat analysis and the different tools of security requirements engineering combined with practical exercises.

The following topics are covered on the first day:

• Security Requirements Engineering - Why?
• Differences between threat, vulnerability and endangerment?
• What is security? ... or how do we develop a secure product?
• Location and safety environment of the product where should the product be used?
• What can go wrong? Basics and process of a threat analysis
• How safe should the product be?

Second day (our practical part):

• Definition of assets
• Analysis of the protection requirements
• Threat analysis with the help of S.T.R.I.D.E.
• Assessment of threats
• Documentation of security requirements
• Elaboration of countermeasures