Professional Documents
Culture Documents
Security requirements
Students Name:
Professors Name:
Course:
Date:
SECURITY REQUIREMENTS
2
Due to the gradual changes in the technology, there are several types of requirements
ranging from high-level business requirements up to the detailed technical specifications that
describe an intricate part of a computer hardware device or algorithm (Anwar et al. 2017). With
this in mind, we will discuss who utilizes the requirements, how to implement security
Concerning the expertise of the recipient and architects, it may be satisfactory to pen
down a requirement that talks about something in the manner of traffic to the app server should
only be authorized from the web cancellation network to the application server. Only permit
HTTP traffic. Disallow all other traffic from the web cancellation network to the app server.
remarkable architecture and design functions within the networking team, a very high-level
requirement may be needed. If the networking function already has significant skill and
investment, excellent pre-existing networking tools and architectures, the requirements can
assume those capabilities. On the other hand, if web layers are an entirely new concept, more
specification may be needed even down to the specific tool that will administrate the layering.
The aphorism for acquiring requirements to the right level of the specification is enough
to deliver an implementation that will match the security objectives. For instance, a security
architect is not bothered with how limitations are applied but rather that it will be hard for an
attacker to use the terminating network. DMZ, as a foothold to attack the application server. The
security architect is concerned about averting a loss of control of the bastion network to damage
the whole environment beginning with the app server. This implicates that traffic to the app
server must be confined to only those systems that should be conversing with it, with traffic
coming from cancellation to the app server, not the other way around.
SECURITY REQUIREMENTS
3
Getting security requirements implemented is possible through agile software (de Vicente
Mohino et al. 2019). The objective of agile is deep engagement based upon trust and personal
reliability. Since agile software allows the design to come out of an innovative, productive, and
automatic process tries to issue edicts and anticipate flawless constancy to fly directly in the face
governance processes and command. Governance based on strict obedience is meant to fail, or
the agile will fail since they are entirely incompatible. Firstly, there must be enough architecture
as well as an armature, an architecture scaffolding upon which the quick, productive procedure
can build. The architecture scaffolding will be created in the usual waterfall procedure before
handed to sprint teams. Not forgetting whether agile or not something will change in the process
of formation. The longer the creation cycle, the more chances for something to change that
There are several ways in which good requirements go wrong. For instance, when the
architecture design has been altered during development, the requirements can no longer be
applied as directed. This is because some of the software cannot be restricted to a particular app
meaning that it's a lousy requirement with good motives but did not consider real-world
architecture and potentials of the structure enhancing the application. Finally, there are situations
where talented individuals go too far. This is because they are paid to deliver in time; hence they
opt to take shortcuts to success, meaning that they limit as many requirements as possible. This
means that they try to manipulate the process to the ground that my add objects for delivery as
security does. This may also cause good requirements to go wrong, but the availability of
governance helps solve these cases for the profitability of the whole organization and system.
SECURITY REQUIREMENTS
4
References
Anwar, S., Mohamad Zain, J., Zolkipli, M. F., Inayat, Z., Khan, S., Anthony, B., & Chang, V.
de Vicente Mohino, J., Bermejo Higuera, J., Bermejo Higuera, J. R., & Sicilia Montalvo, J. A.
(2019). The application of a new secure software development life cycle (S-SDLC) with