The methodology described—iterative and incremental prioritization of requirements based on importance—perfectly aligns with the MoSCoW method.
MoSCoW stands for:
M – Must have (critical requirements that are mandatory),
S – Should have (important but not essential),
C – Could have (desirable but optional),
W – Won’t have (this time) (deferred or out of scope).
It is widely used in security, risk management, and software development to determine the priority of tasks or requirements that should be implemented first.
By applying MoSCoW, Marry ensures that critical security requirements (such as protecting core assets) are addressed first before moving on to less critical ones.
Why the Other Options Are Incorrect:
A. Data sampling: Refers to statistical analysis methods, not prioritization.
C. Data visualization: Used to represent data graphically, not for setting priorities.
D. Fusion analysis: Used to integrate multiple data sources for intelligence analysis, not requirement prioritization.
Conclusion:
Marry should use the MoSCoW prioritization methodology to structure and prioritize her organization’s security requirements.
Final Answer: B. MoSCoW
Explanation Reference (Based on CTIA Study Concepts):
In CTIA’s requirement prioritization and planning stages, MoSCoW is used to assign importance levels to intelligence and security requirements for efficient implementation.
