How can Brainstorm, Organize, and Name (BON) be used to guide the security requirements elicitation process?
The team must have the risks/threats, assets, and security goals in front of them. A brainstorming session then produces a mapping between the security requirements and the risks/threats, assets, and security goals that were identified previously. Alternatively, a specialist can “seed” the brainstorming process by developing some requirements ahead of the meetings that the BON method calls for. Once the team sees a few example requirements, they are likely to come up with more. It’s important to have stakeholder representatives involved, as they tend to see things differently. For example, a stakeholder in HR might be concerned with securing personnel data, whereas someone else might not consider that type of data particularly sensitive.