Secure Application Development
Home faculty program location registration subscribe related past events	Planning and tracking security requirements Learning objectives Plan and track security requirements in a software project. Overview Organizations develop software applications to create value. Modern project planning and management techniques explicitly take value creation into consideration when allocating and scheduling development resources. Risk, on the other hand, usually receives little attention. Nonetheless, risk in general, and the risk of security breaches in particular, have the potential of annihilating the value created by development activities, or even cause a project to realize negative value. The first prerequisite of rationally allocating resources is being able to compare the benefits of value creation on the one hand and risk reduction on the other. Secondly, there must be a good estimate of the resources needed to achieve those benefits. Mechanisms need to be in place to ascertain that development effort, whether invested in value creation or in risk reduction, meets its targets. Furthermore, as the environment of a system under development tends to change in the course of the development cycle, so do the requirements. Hence the planning and tracking protocol must make allowances for the flexibility demanded by most organizations. Agile Security Requirements Engineering Cost-Effective Security

Secure Application Development

Planning and tracking security requirements

Learning objectives

Plan and track security requirements in a software project.

Overview

Organizations develop software applications to create value. Modern project planning and management techniques explicitly take value creation into consideration when allocating and scheduling development resources. Risk, on the other hand, usually receives little attention. Nonetheless, risk in general, and the risk of security breaches in particular, have the potential of annihilating the value created by development activities, or even cause a project to realize negative value.

The first prerequisite of rationally allocating resources is being able to compare the benefits of value creation on the one hand and risk reduction on the other. Secondly, there must be a good estimate of the resources needed to achieve those benefits.

Mechanisms need to be in place to ascertain that development effort, whether invested in value creation or in risk reduction, meets its targets. Furthermore, as the environment of a system under development tends to change in the course of the development cycle, so do the requirements. Hence the planning and tracking protocol must make allowances for the flexibility demanded by most organizations.

PDF slides Agile Security Requirements Engineering

PDF slides Cost-Effective Security