Developing Business Requirements


Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> You're going to the Cloud. What's one of the first steps? You're going to need to know what's required, what is my business need? You need if you're going to figure out business requirements. In this lesson, we're going to talk all about how do you develop business requirements? What are the types of business requirements you need to consider when moving to a Cloud environment? Where does security fit into this whole picture of business requirements?

There really are three flavors of requirements. At the initial stage of developing business requirements, you really need to consider functional and non-functional requirements.

What are functional requirements? These are really the devices, processes, and employees that are going to be necessary to run your Cloud application or development environment or infrastructure, whatever you are putting up in the Cloud, you really got to use every method you can to figure out what is it going to take? The devices that you might identify by working with a Cloud architect to figure out what the diagram of the application's going to look like. That will help you determine what devices are needed.

The processes here you might be working with stakeholders to identify what is the business trying to achieve? How the processes that make that happen currently work? What are the inputs in terms of data? What are the outputs? What products are produced by the applications that are going to be leveraged in this Cloud environment?

Third, what are the employees' roles and responsibilities in this business requirement, in this overall project? More importantly, do we have the employees we need? How are these employees' roles shifting from on-premise or a different type of Cloud environment to what our current project is set out to complete. Do we need to hire new people? Do we need to hire consultants to train up our current employees? These are things to consider when it comes to functional requirements.

But at a fundamental level, what's up there? What are the inputs and outputs with processes are going to do? What are the roles and responsibilities of employees are going to fulfill? Those are the functional requirements.

The non-functional requirements. What is the expected behavior? What are the baseline levels of logging, monitoring, performance, utilization that we expect to see from this business case for what we're trying to do in the Cloud? Those are the elements in terms of not what is being done, but how it's being done and how will we know when things unusual events occur. A lot of those are determined in the non-functional requirements.

This dovetails into security requirements. Now, oftentimes, we've talked about how you really need to know the business case. What are the valuable assets to prioritize the controls and make sure they are effectively protected based on their value to the business? I will say I think there's a little bit of a caveat when it comes to developing business requirements. If you're the one developing their environment, please include security early. They can help you realize pieces that might be missing in terms of your devices or processes to ensure that the application runs not only efficiently but securely. I think when it comes to business requirements, we really have to start thinking of security as an aspect of product quality that should be included as early as possible.

Now if you're in security, I would caution you to really wait until a lot of the impacts of these requirements is figured out before jumping in. Sometimes security people they jump ahead to all the different threats and vulnerabilities that could go wrong when it comes to seeing business requirements. But you have to keep in mind, what is the business trying to achieve here? What is the level of security that's really appropriate given the value and the business case of what's going on?

Let's reflect for a moment, how are business requirements determined in your organization? This may seem like an odd question, but if you're not in a business analyst's role or project management role, you may not understand how the business requirements are determined. That may, in some ways encumber your ability to truly understand how to properly secure things or do compliance or understand how regulations are applied. Remember, start with the business case first and really do your best to understand what is the business trying to achieve and what are the requirements to do that?

Then how do we understand business requirements in order to improve security? In order to properly secure an environment, you have to understand what is it really trying to do? What are the inputs and outputs? Knowing that will help you better determine what controls are really necessary to complement the business case, the requirements and secure the process end to end, and ensure that when things are done in the Cloud, that your organization can start off on the right foot, getting the value of the Cloud in a secure manner.

In summary, we talked about the need for business requirements. You got to understand what you're trying to fundamentally do, what's required to do it, and what are the inputs and outputs in the process? How are we going to monitor and make sure that processes are functioning properly and what security requirements are needed. Talked about the impact of business requirements on security. You have to know what you're securing and why you're securing it to really do it effectively
>> and in a cost-effective manner?
>> Also, we talked about the three types of business requirements. We're going to go in more detail in security requirements in future lessons. But until then, I'll see you later.