Running head: SECURITY REQUIREMENTS 1

Security requirements

Students Name:

Professors Name:

Course:

Date:
SECURITY REQUIREMENTS
2

Due to the gradual changes in the technology, there are several types of requirements

ranging from high-level business requirements up to the detailed technical specifications that

describe an intricate part of a computer hardware device or algorithm (Anwar et al. 2017). With

this in mind, we will discuss who utilizes the requirements, how to implement security

requirements, and why good requirements go bad.

Concerning the expertise of the recipient and architects, it may be satisfactory to pen

down a requirement that talks about something in the manner of traffic to the app server should

only be authorized from the web cancellation network to the application server. Only permit

HTTP traffic. Disallow all other traffic from the web cancellation network to the app server.

Under circumstances in which adjustments to the revealed systems have to go through

remarkable architecture and design functions within the networking team, a very high-level

requirement may be needed. If the networking function already has significant skill and

investment, excellent pre-existing networking tools and architectures, the requirements can

assume those capabilities. On the other hand, if web layers are an entirely new concept, more

specification may be needed even down to the specific tool that will administrate the layering.

The aphorism for acquiring requirements to the right level of the specification is enough

to deliver an implementation that will match the security objectives. For instance, a security

architect is not bothered with how limitations are applied but rather that it will be hard for an

attacker to use the terminating network. DMZ, as a foothold to attack the application server. The

security architect is concerned about averting a loss of control of the bastion network to damage

the whole environment beginning with the app server. This implicates that traffic to the app

server must be confined to only those systems that should be conversing with it, with traffic

coming from cancellation to the app server, not the other way around.
SECURITY REQUIREMENTS
3

Getting security requirements implemented is possible through agile software (de Vicente

Mohino et al. 2019). The objective of agile is deep engagement based upon trust and personal

reliability. Since agile software allows the design to come out of an innovative, productive, and

automatic process tries to issue edicts and anticipate flawless constancy to fly directly in the face

of how benefits of agile are to be produced. Agile is an immediate response to control

governance processes and command. Governance based on strict obedience is meant to fail, or

the agile will fail since they are entirely incompatible. Firstly, there must be enough architecture

as well as an armature, an architecture scaffolding upon which the quick, productive procedure

can build. The architecture scaffolding will be created in the usual waterfall procedure before

handed to sprint teams. Not forgetting whether agile or not something will change in the process

of formation. The longer the creation cycle, the more chances for something to change that

creates problems that cause trouble in applying security requirements.

There are several ways in which good requirements go wrong. For instance, when the

architecture design has been altered during development, the requirements can no longer be

applied as directed. This is because some of the software cannot be restricted to a particular app

meaning that it's a lousy requirement with good motives but did not consider real-world

architecture and potentials of the structure enhancing the application. Finally, there are situations

where talented individuals go too far. This is because they are paid to deliver in time; hence they

opt to take shortcuts to success, meaning that they limit as many requirements as possible. This

means that they try to manipulate the process to the ground that my add objects for delivery as

security does. This may also cause good requirements to go wrong, but the availability of

governance helps solve these cases for the profitability of the whole organization and system.
SECURITY REQUIREMENTS
4

References

Anwar, S., Mohamad Zain, J., Zolkipli, M. F., Inayat, Z., Khan, S., Anthony, B., & Chang, V.

(2017). From intrusion detection to an intrusion response system: fundamentals,

requirements, and future directions. Algorithms, 10(2), 39.

de Vicente Mohino, J., Bermejo Higuera, J., Bermejo Higuera, J. R., & Sicilia Montalvo, J. A.

(2019). The application of a new secure software development life cycle (S-SDLC) with

agile methodologies. Electronics, 8(11), 1218.