How do you ensure that security requirements are properly allocated and tracked through the system development life cycle?