Requirements Traceability

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary's course,
00:00
I'm your instructor Brad Rhodes.
00:00
Let's jump into requirements traceability.
00:00
In this video, we're going to cover
00:00
questions about requirements traceability.
00:00
We're going to talk about
00:00
the requirements traceability matrix,
00:00
which is how we track requirements.
00:00
We're going to talk about why we should do RTM.
00:00
What should be traceable when
00:00
>> we talk about requirements?
00:00
>> Well, it's like stake holders.
00:00
Everything. Everything needs to be traceable.
00:00
If we don't trace everything,
00:00
then we're going to
00:00
miss something pretty straightforward.
00:00
Another question we want to
00:00
ask ourselves when we talk about
00:00
requirements traceability is linkages.
00:00
Who is responsible. One,
00:00
for making them, and two,
00:00
how do we make sure they're defined?
00:00
Well, we really have to look at
00:00
linkages because if we don't,
00:00
then it's very possible that one module or one part of
00:00
that system of interest won't
00:00
actually connect to work correctly with another.
00:00
Who is responsible for building
00:00
the requirements traceability matrix?
00:00
Well, it really comes down to the systems engineer.
00:00
They're responsible for the overall system.
00:00
But when it comes to information system
00:00
security requirements, that's the ESI.
00:00
The ESI is responsible for that.
00:00
When should we, and how should we construct an RTM,
00:00
that requirements traceability matrix,
00:00
which we'll talk about next.
00:00
Well, it needs to be created
00:00
from the very beginning
00:00
of the design and planning section. That's it.
00:00
You have to start from the beginning,
00:00
if you're not tracing from
00:00
requirements from the beginning
00:00
you're going to miss something,
00:00
and you're going to try to bolt on requirements.
00:00
You get scope creeps. It's a big mess.
00:00
How do you make a requirements traceability matrix?
00:00
Well, that's up to you.
00:00
You could do it in a spreadsheet for a simple project.
00:00
You could use Jira,
00:00
Atlassian, some of those tools.
00:00
You could use Microsoft Project.
00:00
There's multiple ways to
00:00
create requirements traceability matrix.
00:00
It's ultimately up to your organization,
00:00
but regardless of how you do it, you need to make one.
00:00
This is a quick example from NIST,
00:00
the National Institute of Standards and Technologies.
00:00
It's a requirements traceability matrix.
00:00
As you can see,
00:00
you have identifier's for testing on one side,
00:00
and then you have the actual requirements on the top.
00:00
Obviously, you can
00:00
manage those links however you want to.
00:00
A good way to build
00:00
a requirements traceability matrix is
00:00
to use a relational database.
00:00
That's an easy way to build that out and
00:00
track linkages from different pieces and components.
00:00
I've seen that done before.
00:00
But regardless of how you do it,
00:00
a requirements traceability matrix
00:00
allows you to trace requirements,
00:00
and track requirements,
00:00
and keep them in the forefront of
00:00
your mind as you're developing your systems.
00:00
Why do we do RTM? Why do we make it?
00:00
Why do we build a requirements traceability matrix?
00:00
Pretty straightforward. We need it for verification.
00:00
Did we build the right requirements.
00:00
Validation, did we build the requirements right?
00:00
Or did we meet the mission needed,
00:00
the intent of what we were building?
00:00
Then finally, change management.
00:00
Why? Well change management is interesting.
00:00
If we don't do good change management, we have a problem.
00:00
But if we have not done requirements traceability,
00:00
how do we know what requirements
00:00
get updated or tweaked or
00:00
changed in change management if we have
00:00
no idea what those requirements are linked to.
00:00
As you can see,
00:00
requirements traceability is incredibly
00:00
important to the ESI.
00:00
In this lesson, we talked about questions
00:00
related to requirements traceability.
00:00
We reviewed a requirements traceability matrix,
00:00
and when we talked about why you
00:00
do requirements traceability matrixes,
00:00
and why you do requirements traceability
00:00
in general. We'll see you next time.
Up Next