Verify the proposal
Have you finally got everything listed? What if there’s a mistake in your proposal? Software development includes a testing phase to find bugs. It is advisable to do this at this point as well. Finding such a bug at the end of development could cost you a lot of money, because redesigning a poorly designed system is not easy. But it’s still better than a potential attacker discovering the bug in live operation. So what should you do?
• Go through the proposed UML, UC, ER, Dataflow diagrams, … and analyze them from a security point of view.
• Try to imagine how the system will react when a threat appears. And model a similar situation.
• When a problem occurs, how do you restore the system to run properly?
• How do you find out information about what happened? Do you have any audit logs?
• Have you selected third-party components and services? How is regular updating ensured and who will check for errors?
• Now that you have written the NFRs, have you defined acceptance criteria? Do you know how each requirement will be met? Does also the project manager know and takes this into account?
• Have you ensured the system is sufficiently documented and individual users will know how to use it? For example, who can set user rights and how?