Activity - Identify Security Objectives (Create a Quality of Service Requirement)
Activity Information: Identify Security Objectives

Description

Overview: Security objectives determine the levels to which the solution will protect itself and its assets. There may be data that needs to be protected, regulatory requirements, or intangible assets such as company reputation, trade secrets, or intellectual property. Security objectives should be specific, testable statements about what is to be protected. They should not specify how. Security objectives usually start with a verb, as in "Prevent unauthorized users from obtaining account information for our customers". The asset should be clearly identified.

Steps

Document the Security Objective: Add a description of the security objective in the description field of the quality of service requirement work item. Be sure that the security objective refers to a specific asset and is testable. Leave design to the architects and developers. If the brief description is not sufficient for complete understanding, write a more detailed form, providing goals and rationale. Clarify any vague or ambiguous areas of the objective.

Attach Supporting Information: Attach any references to regulatory information where applicable. Attach any scenarios that relate to the security objective. If the security objective affects all of the scenarios or a majority of them, simply note this rather than attaching a very large number of scenarios.
Last modified at 1/17/2008 11:18 PM by Administrator