Why do we need system-specific security requirements? Can't we just comply with instructions? Yes we can, and we must. But it's not enough.
A new system does new stuff (or familiar stuff in new ways) or we wouldn't bother constructing it. New stuff means new risk components (assets, threat sources, vulnerabilities) and consequently new risk. New risk means we cannot simply rely on old rules. We need to rethink how security is implemented for this very system. System-specific security requirements.
(some of) my events
- 2019-12-12 Datakommunikation och IT-säkerhet (guest lecturing, Högskolan i Gävle)
- 2019-11-21--22 Samlingsforum 2019 (attending conference, Nyköping)
- 2019-11-05 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2019-10-08 Riskkollegiets seniora pris (co-hosting seminar in Gothenburg)
- 2019-08-22 RISKUT 2019 (co-hosting conference, Stockholm)
2015-04-20
Subscribe to:
Posts (Atom)
last chance...
