Provide your thoughts and understanding of requirements:
1. Who consumes requirements?
2. Getting security requirements implemented.
3. Why do good requirements go bad?
Answer the questions with an APA-formatted paper (Title page, body and references only). Your response should have a minimum of 500 words. Count the words only in the body of your response, not the references. A table of contents and abstract are not required.
A minimum of two references are required. One reference for the book is acceptable but multiple references are allowed. There should be multiple citations within the body of the paper. Note that an in-text citation includes author’s name, year of publication and the page number where the paraphrased material is located.
Your paper must be submitted to SafeAssign. Resulting score should not exceed 35%.
Thoughts and understanding of getting security requirements implemented.
Introduction
It is not uncommon to see security requirements being ignored, pushed aside or worse still, implemented incorrectly. This is because there are many aspects of security that need to be considered before an organization can start implementing it. This article discusses some things that should be looked into when deciding what kind of protection you want for your systems, and how implementing it can affect day-to-day operations for each individual at the company.
There is a general lack of understanding of what security is.
Security is not just about firewalls, antivirus and IDS. Security is a mindset. It’s not just something you do, it’s something you are and will always be.
Security is not a checklist; there are too many things that could go wrong in an organization for any checklist to guarantee security. A good security policy should be based on your understanding of how people use technology (both internally and externally) as well as the risk factors associated with each activity or resource available to them within their environment (e.g., desktop computers or smartphones).
Security is only required as a need and not as a matter of course.
Security is not an add-on. If you want your website to be secure, then this needs to be implemented from the get-go and cannot be ignored in any way shape or form or else it will end up costing you more in the long run than just having security requirements implemented properly from day one.
Security is always an add-on, that should be implemented later when it becomes important.
Security is not important until it affects the business and/or customer. Security is only important when it affects the company or their customers.
It does not really matter, because security incidents do not happen to us.
Security incidents happen to everyone, and they can be caused by anyone. A security incident is not just about hackers, but also about people making mistakes. If you are looking for a company that will help you implement security requirements, do not hesitate to contact us today!
We all believe that we can implement security by ourselves.
Security is a mindset, not just a set of rules. Security must be understood as a way of thinking, a way of life and not just about technology or hardware solutions. It’s about people and processes that can be implemented in order to ensure we all have the same level of protection from cyber threats as we do today.
We do not want to be told what to do.
When you are told what to do, you feel like a child who has been given a list of chores to complete. You may have been told that this is the way things are done and that’s all there is to it. But we don’t want to be told what to do!
We have our own way of doing things—and it’s often better than yours because we know more about security requirements than you do (aside from some generalities), which means that if something isn’t working well enough for us, then perhaps there’s room for improvement on your end too. If we’re busy with something else – like marketing campaigns or new products – then implementing security requirements would just be taking up time which could otherwise be spent elsewhere!
We know better than you (security engineer), so why should we implement your requirements?
It’s not that we don’t care about security. It’s just that most people think they can handle their own security needs and only have to worry about the basics. They think that if they have a firewall, web application firewall (WAF), virus scanner and vulnerability scanner installed on their computers or smartphones then everything will be fine. This is far from reality!
Because I am tired of security requirements being pushed aside by people saying they do not have time or similar excuses this was needed to be said.
The reason why security requirements are not a priority is because they are not understood. People seem to think that getting security in place is something that can be done at any time, but this is simply not true.
Security requirements cannot be implemented by just anyone with little or no experience in the field of cybersecurity and certainly not without proper planning and preparation. The process must be done right, as well as having all stakeholders involved so there will be no issues down the line when your organization has just gone live using your newly implemented policy or standard operating procedures
Conclusion
Security requirements are not optional. They are essential for your company to function properly. They need to be implemented as a matter of course and not as an add-on later on when the incident happens. If someone is saying that we do not have time to implement security, then they should be fired immediately because this means they think their job is more important than protecting people from harm