Requirements Specifier

Revision as of 06:10, 26 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

links australia getaway great holiday package sitemap [ australian embassies in africa ] [ autostorage garland lease lots texas ] [ open learning australia melbourne ] [ gay asian men videos ] [ asian idol wallpapers ] [ ] [ auto market shares ] [ garden shed sydney australia ] [ australia company uranium ] [ auto auto car dependable enclosed shipper shipper shipper ] [ australian universities ranked ] [ automatic bristle cutter material ] [ australia in 1900s ] [ zone alarm antivirus review ] top webmap [ africa culture gabon ] [ african queen author ] [ australia drive hard quantum ] [ chase manhattan bank automotive finance ] domain [ engineering jobs melbourne australia ] [ avg antivirus free download ] [ african animal figure wood ] page [ autograph evolution star war ] [ auto columbus georgia in part used ] [ womens day magazine australia ] [ beautiful asian chick ] [ australia backpackers hostel perth ] [ jerrys auto baltimore ] [ endangered spieces in africa ] [ herringway iasia shabazz ] [ macafee antivirus update ] [ 2006 asian game x ] index [ business community south africa ] [ cd shop online australia ] [ australian greeting card association inc ] [ automated deployment services ads ] [ norton antivirus norton27s anti virus software ] [ stinger antivirus tools ] [ 500 auto club nascar ] [ mtv asia ] [ minnesota auto auctions ] antivirus free download mcafee

Role Description

The requirements specifier has these major tasks:

  • He is first responsible for detailing business requirements that are security relevant, particularly those things that will need to be considered by an architect. In most organizations, these two roles will work closely on security concerns and will generally iterate frequently.
  • After the team has identified a candidate architecture, the requirements specifier should look at the resources present in that architecture and determine what the protection requirements for those resources are. CLASP promotes a structured approach to deriving these requirements, categorizing resources into protection levels, and addressing each core security service for each protection level.
  • Particularly when using a protection-level abstraction, it is possible to reuse security requirements across projects. This not only saves a tremendous amount of time for requirements specifiers; it also prompts organizations to compare the relative security of multiple projects.
  • In organizations that develop use cases, a requirements specifier can also specify misuse cases, which demonstrate to the stakeholder the major security considerations that manifest themselves in the system design. For example, they may document mitigation technologies and how they impact the user, as well as risks that may still be present in a system, thereby allowing the stakeholder to develop compensating controls at an operational level.

Requirements specifiers traditionally do not have the breadth of security expertise necessary to build highly effective security requirements. For that reason, we recommend reading CLASP Resources A, B, C and D thoroughly.