Activity Information Define Security Requirements
DescriptionSecurity requirements specify steps taken to protect the organization's information assets. They must take into consideration any industry-specific regulatory requirements. These requirements deal with identity and authentication, access control and authorization, accounting and auditability, and data integrity and privacy. Attributes| Element Categories | [CMMI Level 3] RD SP 3.2, [CMMI Track 2] Planning, [CMMI Level 3] RD SP 2.1 | | When | After the input requirements are available. | | Entry Criteria | User Scenarios Complete:
User scenarios have been created, reviewed, and approved.
Quality of Service Requirements Complete:
Quality of service requirements have been created, reviewed, and approved.
Domain Model Complete:
The domain model has been created, reviewed, and approved. | | Exit Criteria | Security Requirements Baselined:
The security requirements are reviewed, approved, and baselined. | | Is Required | Yes |
StepsAnalyze Input Requirements:
Analyze the scenarios, quality of service requirements, and any industry-specific regulations for input requirements specific to security. Draft Security Requirements:
Create a draft of the security requirements from initial input. Review Security Requirements:
Review the draft security requirements. Update the requirements based on feedback. Baseline Requirements:
Baseline the reviewed and approved security requirements for the project. This baseline is used in change management and revising project estimates during replanning.
|
Last modified at 12/19/2007 10:37 AM by Administrator
|
|