Incorporating Security Risk Analysis into Software Development

Building software that can predictably meet operational security needs is a challenge. This presentation will focus on appropriately identifying and evaluating security requirements based on operational risk. An analysis technique for determining system and software operational risk during development will be introduced. Results from a piloting organization will be shared.