Once a set of security requirements has been identified, the requirements often need to be prioritized. Time and budget constraints frequently make it difficult to implement every requirement that has been elicited for a system. Security requirements may also be implemented in stages, and prioritization can help to determine which ones should be implemented first. Many organizations pick the lowest-cost requirements to implement first, without regard to importance. Others pick the requirements that are easiest to implement, for example by purchasing a commercial off-the-shelf (COTS) solution. These ad hoc approaches are not likely to achieve the security goals of the organization or the project. To prioritize security requirements, we recommend a systematic prioritization approach. This article discusses a tradeoff analysis that can be done to select a suitable requirements prioritization method and briefly describes a number of methods.
Author: Nancy R. Mead