Table 4.
Results of third iteration during applying our methodology on the HR system.
| Step | Results |
|---|---|
| System modeling | The domain Campus Network is updated to be Encrypted Network in an attempt to add a design solution to satisfy the security requirement that constrains the data sent over the campus network to be understandable by eavesdroppers. |
| Identify assets | Assets: |
| No new assets | |
| Identify threats and vulnerabilities | The threat described in AF3 is still applicable and can cause vulnerability because we are not sure if encryption keys are secure |
| Identify security requirements | The following trust assumptions are added: |
| – Encryption Network domain uses secure encryption keys. | |
| – Authentication Data is secure | |
| Security requirements evaluation | The requirements complete each other and do not cause conflicts |