Overview of Functional Requirements

Functional security requirements describe functional behavior that enforces security.

Functional requirements can be directly tested and observed. Functional requirements in
computer security are useful in satisfying the CIA TRiad model(Confidentiality, Integrity,
Availability).
Requirements related to access control, data integrity, authentication, and wrong
password lockouts fall under functional requirements.

Composition of Functional Security

Computer Security Technical measures;

● Access Control:
Functional requirements related to access control dictate who is allowed to access
specific resources, what level of access they have, and under what conditions. This may
include user authentication, authorization rules, and policies.
● Authentication- User validation and verification
Functional requirements related to authentication specify how users or entities are
verified to ensure they are who they claim to be. It may involve multi-factor
authentication, biometrics, or token-based methods.

Management Controls(Procedures and principles):

● Incidence Response - the measures taken by an organization to analyze, solve

and draw insights from a security incident. In incident response: Several phases
are used to effectively respond to the incident.
● Preparation and planning: This is the process where the organization gathers
information, either by active or passive reconnaissance.