Given a set of requirements, devise tests so that each requirement has an associated test set. Trace test cases back to requirements to ensure that all requirements are covered. In security testing it can also be useful to build test cases around ambiguities in the requirements.