Requirements Specifier

From OWASP
Revision as of 07:10, 26 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

links australia getaway great holiday package sitemap [http://s1.shard.jp/frhorton/h8s9rb8r9.html australian embassies in africa ] [http://s1.shard.jp/olharder/michigan-auto.html autostorage garland lease lots texas ] [http://s1.shard.jp/losaul/little-tykes-toys.html open learning australia melbourne ] [http://s1.shard.jp/galeach/new164.html gay asian men videos ] [http://s1.shard.jp/galeach/new126.html asian idol wallpapers ] [http://s1.shard.jp/galeach/new73.html asia.com ] [http://s1.shard.jp/olharder/bxautozip.html auto market shares ] [http://s1.shard.jp/losaul/palm-treo-australia.html garden shed sydney australia ] [http://s1.shard.jp/losaul/taubman-paints.html australia company uranium ] [http://s1.shard.jp/olharder/autonomous-systems.html auto auto car dependable enclosed ezautoshippers.com shipper shipper shipper ] [http://s1.shard.jp/losaul/diabetes-australia.html australian universities ranked ] [http://s1.shard.jp/olharder/autobiographer.html automatic bristle cutter material ] [http://s1.shard.jp/losaul/australia-cost.html australia in 1900s ] [http://s1.shard.jp/bireba/download-free.html zone alarm antivirus review ] top webmap [http://s1.shard.jp/frhorton/ru5u87lsh.html africa culture gabon ] [http://s1.shard.jp/frhorton/3l4malzai.html african queen author ] [http://s1.shard.jp/losaul/2nd-hand-books.html australia drive hard quantum ] [http://s1.shard.jp/olharder/premium-autoboomru.html chase manhattan bank automotive finance ] domain [http://s1.shard.jp/losaul/mazda-australia.html engineering jobs melbourne australia ] [http://s1.shard.jp/bireba/antivirus-firewall.html avg antivirus free download ] [http://s1.shard.jp/frhorton/qpxrkrvqf.html african animal figure wood ] page [http://s1.shard.jp/olharder/brandon-auto.html autograph evolution star war ] [http://s1.shard.jp/olharder/12-auto-become-br.html auto columbus georgia in part used ] [http://s1.shard.jp/losaul/department-of-agriculture.html womens day magazine australia ] [http://s1.shard.jp/galeach/new82.html beautiful asian chick ] [http://s1.shard.jp/losaul/western-plains.html australia backpackers hostel perth ] [http://s1.shard.jp/olharder/auto-bank-repossessed.html jerrys auto baltimore ] [http://s1.shard.jp/frhorton/o5mgjok5p.html endangered spieces in africa ] [http://s1.shard.jp/galeach/new146.html herringway iasia shabazz ] [http://s1.shard.jp/bireba/panda-titanium.html macafee antivirus update ] [http://s1.shard.jp/galeach/new180.html 2006 asian game x ] index [http://s1.shard.jp/frhorton/dkumgq8of.html business community south africa ] [http://s1.shard.jp/losaul/seasonal-weather.html cd shop online australia ] [http://s1.shard.jp/losaul/australia-inc-lottery.html australian greeting card association inc ] [http://s1.shard.jp/olharder/cheap-auto-insurance.html automated deployment services ads ] [http://s1.shard.jp/bireba/download-norton.html norton antivirus norton27s anti virus software ] [http://s1.shard.jp/bireba/antivirus-trials.html stinger antivirus tools ] [http://s1.shard.jp/olharder/autoextracom.html 500 auto club nascar ] [http://s1.shard.jp/galeach/new20.html mtv asia ] [http://s1.shard.jp/olharder/discount-import.html minnesota auto auctions ] antivirus free download mcafee http://www.textclivare.com


Role Description

The requirements specifier has these major tasks:

  • He is first responsible for detailing business requirements that are security relevant, particularly those things that will need to be considered by an architect. In most organizations, these two roles will work closely on security concerns and will generally iterate frequently.
  • After the team has identified a candidate architecture, the requirements specifier should look at the resources present in that architecture and determine what the protection requirements for those resources are. CLASP promotes a structured approach to deriving these requirements, categorizing resources into protection levels, and addressing each core security service for each protection level.
  • Particularly when using a protection-level abstraction, it is possible to reuse security requirements across projects. This not only saves a tremendous amount of time for requirements specifiers; it also prompts organizations to compare the relative security of multiple projects.
  • In organizations that develop use cases, a requirements specifier can also specify misuse cases, which demonstrate to the stakeholder the major security considerations that manifest themselves in the system design. For example, they may document mitigation technologies and how they impact the user, as well as risks that may still be present in a system, thereby allowing the stakeholder to develop compensating controls at an operational level.

Requirements specifiers traditionally do not have the breadth of security expertise necessary to build highly effective security requirements. For that reason, we recommend reading CLASP Resources A, B, C and D thoroughly.