Ok, I get it. The whole concept of Security Requirements Engineering might be just like that old Life cereal commercial I grew up with. You might remember, if you’re old like me, but there’s these two brothers, and they have a bowl of cereal.
One says to the other, “What’s that?”
The other looks at him and said, “I dunno. It’s supposed to be healthy.” He shoves it towards his brother, “You try it!”
“No, you try it!” says the other brother, as they push the bowl back and forth.
Finally, one of the gets the bright idea to give it to his 4yo brother. “Let’s get Mikey to try it. He hates everything.”
And, lo and behold, Mikey likes it.
Now, I’m not saying that if you’re not convinced about the whole RE thing beyond the basics of Requirements -> Security Drivers -> Attributes and Domains, what’s in the forthcoming October issue about the rest of the RE story is going to have you lapping up Life cereal like it’s going out of style…
…but it just might help you do a bit better in making sure you can isolate the impact of change and make sure you can easily track down the right customers to get their stamp of approval—not to mention leveraging all those extra touchpoints to build your credibility and reputation.
What’s really interesting about it is that if you stand back far enough, and you squint…just so…there’s a bit more to it and how it fits in with SABSA® than you might’ve initially expected.
Most of the time, we don’t do those things we know we should because either we don’t believe they’re valuable or we think they’re annoying, too hard or even boring. But at the end of the day, if we want to get the best possible results, we know we’ve gotta eat our vegetables…
…we know we’ve gotta get off the couch
…we know we’ve gotta quit poisoning ourselves.
It’s just the way it is.
To explore the impact and challenges of good and bad RE in a security context, make sure you subscribe to the Security Sanity™ print newsletter before the October edition goes to the printer in less than a week.
Yes, it’s eating your vegetables,
and no, you might not think it’s sexy…
but it’s something that’s still gotta be done if you want everything to hang together…
…and you want the best chance of delivering the mission and purpose of security to keep the organization as safe as possible while moving as fast as It thinks it needs to go.
Here’s the link: https://securitysanity.com
Andrew S. Townley
Archistry Chief Executive