This was a topic that came up during one of today’s sessions at COSAC. Originally, it was about software developers making business decisions because they weren’t aware of (or chose to ignore) key business or legal requirements when they were actually implementing the software that runs the business. Now there are a lot of issues with this, […]
Hell, no! I don’t care about your security policies!
Ever get the feeling that this is really what your business and IT customers are saying to you whenever you’re sitting in that last-minute security review and you catch them in violation of the security policies you know have been published for at least 6 months—and which they’ve had to go through (probably mind-numbing) mandatory […]
Wisely wielding the power of organizational mind control
Yesterday, I let you in on one of the biggest secrets of security: that the primary role you have in delivering your mission and purpose of security is creating and maintaining the organizational security policies. Today, I’m going to let you in on the biggest secret of security: You have the power to control the […]
Eating your security requirements
OK, I get it. The whole concept of Security Requirements Engineering might be just like that old Life cereal commercial I grew up with. You might remember, if you’re old like me, but there are these two brothers, and they have a bowl of cereal. One says to the other, “What’s that?” The other looks at […]
Gimme 3 types…gimme 3 types, mister
Whether or not you’re cutting the rug with Linda Lou or shakin’ like a leaf on a tree, one thing you need to know about requirements, if you’re going to have a hope of tryin’ to prove they’re the right ones you should be including in your security program, is that there are 3 types: The […]