A system should have certain properties (but not others). It should do certain things (but not others). It should be handled (or interacted with) in certain ways by certain parties (who should not be allowed to do things differently) while an authoritative party enforces this state of affairs by means of policy.
All this is subject to change without notice due to changing factors such as regulations, architecture or risk.
Functional, non functional or derived - no wonder security requirements are elusive.
(some of) my events
- 2023-11-16 Psychological perspectives on understanding human decision-making in situations involving risk and uncertainty (attending symposium, Stockholm)
- 2023-08-23--24 Riskbaserat arbetssätt (teaching course, Stockholm)
- 2023-05-30 Informationssäkerhet och risk (pod interview in Swedish)
- 2023-05-11 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2022-12-05 Datavetenskapliga programmet (guest lecturing, University of Gävle)
Subscribe to:
Post Comments (Atom)
20230802
No comments:
Post a Comment