
The "Predator" Group


A predator can be any person, organization, or system that should not have access to your data, process, network, system, or application. In the world of the Internet, this predator is sometimes referred to as the "hacker." As the current viruses have illustrated, it is impossible to ward off all attacks. We can, as Requirements Engineers, take steps to minimize their infiltration.

SBDi's recommendation coincides with the "Child Proof Cap" scenario for medicine and toxins. We suggest the following:

  1. That you add an actor or user called "predator" to your list of "who" requirements. (Who requirements are one type of requirement; they identify all roles, organizations, or systems that are part of the scope of the investigation.)

  2. That you add the predator to every use case and workflow where other users are listed. Document any precautions that need to be in place at each point of possible entry.

  3. Develop an association between the predator and each class/subclass (entity/subtype), network node, event, business policy/rule, and function. Document the priority of each association (low, medium, high, critical security issue!). Security comes at a price. The purpose of this association is to prioritize the security restrictions, identifying what the predator cannot have access to at any cost. The association can be done in many CASE tools, Requirements Management tools, or simply a spreadsheet. Make sure those who approve the requirements also review the "Predator Association and Priority Matrices."

  4. Document a process and procedure if a predator slips through the cracks and infiltrates.


The objective of the previous 4 steps is to plan ahead. By documenting the potential predator, everyone thinks about it. Without documenting the possibility, important security requirements may be overlooked and omitted.
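The four steps can be checked mechanically once the requirements are in a structured form. The following is an added example, not part of the original tip or any SBDi tool: it audits a requirements set for gaps against each step and orders the predator matrix for reviewers. The data layout, field names, and sample requirements are all assumptions constructed for illustration.

```python
# Added example; all names and sample data below are constructed.
PRIORITIES = ["low", "medium", "high", "critical"]

def audit(req):
    """Return a list of gaps in how the predator is documented."""
    gaps = []
    # Step 1: the predator must appear in the "who" requirements.
    if "predator" not in req["who"]:
        gaps.append("step 1: 'predator' missing from who requirements")
    # Step 2: every use case that lists users also lists the predator,
    # with a precaution documented for each point of entry.
    for name, uc in req["use_cases"].items():
        if uc["actors"] and "predator" not in uc["actors"]:
            gaps.append(f"step 2: use case '{name}' does not list the predator")
        for entry in uc["entry_points"]:
            if not uc.get("precautions", {}).get(entry):
                gaps.append(f"step 2: no precaution for '{entry}' in '{name}'")
    # Step 3: every element has a predator association with a valid priority.
    for element in req["elements"]:
        prio = req["predator_matrix"].get(element)
        if prio not in PRIORITIES:
            gaps.append(f"step 3: no valid priority for '{element}'")
    # Step 4: a response procedure exists for a successful infiltration.
    if not req.get("infiltration_procedure"):
        gaps.append("step 4: no infiltration procedure documented")
    return gaps

def review_order(req):
    """Matrix rows sorted most severe first, for the approvers' review."""
    rows = [(e, p) for e, p in req["predator_matrix"].items() if p in PRIORITIES]
    return sorted(rows, key=lambda r: (-PRIORITIES.index(r[1]), r[0]))

SAMPLE = {  # constructed sample requirements set
    "who": ["customer", "clerk", "predator"],
    "use_cases": {
        "place order": {"actors": ["customer", "predator"],
                        "entry_points": ["web form"],
                        "precautions": {"web form": "validate all input"}},
        "issue refund": {"actors": ["clerk"], "entry_points": ["back office"]},
    },
    "elements": ["Customer", "Payment", "order-db node"],
    "predator_matrix": {"Customer": "high", "Payment": "critical"},
    "infiltration_procedure": "",
}

if __name__ == "__main__":
    for gap in audit(SAMPLE):
        print(gap)
    print(review_order(SAMPLE))
```

Run against the sample, the audit flags the use case that omits the predator, its undocumented entry point, the network node with no priority, and the missing infiltration procedure.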

RECOMMENDED READING: The child proof cap scenario is discussed in great detail in a wonderful book, "Are Your Lights On?" by Don Gause and Jerry Weinberg (Dorset House).

Hope this tip helps. Please feel free to contact Strategic Business Decisions, inc. if you have any questions or comments on this month's tip.


Pat Ferdinandi


 

SBDi Strategic Business Decisions, inc.
PO Box 638, Montclair, NJ 07042 973-509-9427 info@SBDi-Consulting.com
© 2000-2010 Strategic Business Decisions, inc. (SBDi). All rights reserved.
Content may not be reprinted, in whole or in part, without express permission from SBDi.