Managing the Security Requirements in Agile Projects

Addressing security requirements from the early phases of development is the most effective method of preventing security bugs. Most security requirements are non-functional requirements (NFR). Non-functional requirements generally describe aspects of a software system such as reliability, security, response time and other significant qualities of an application. Functional requirements, by contrast, describe what the system should do in response to a certain user action.

Active attention to non-functional requirements, and to security in particular, is not usual within Agile. Non-functional requirements often come with a large number of limitations, and it can be really difficult to work with such a huge set. If further NFR limitations such as ease of access are added, the list might grow too rapidly for developers. Once the list becomes really huge, developers often ignore it altogether and simply rely on their memory when applying NFR limitations. In areas such as application security, the number of non-functional requirements increases significantly, which places a considerable cognitive load on developers.

Of course, there are effective solutions to the problem of an immense number of NFR restrictions. It can be handled in the following ways.

1. Prioritization. If NFR restrictions have different priorities, it is easier to divide the scope of work into parts and reduce the mental load. Priorities can be assigned to limitations just as is usually done for defects and user stories, for example “Low”, “Middle” or “High”. It can also be convenient to rate priorities on a numerical scale from one to ten.

2. Filtration. By applying simple criteria you can reduce, or eliminate altogether, a large share of the NFR restrictions for a given user story. A system of tags or just Excel filters is enough to do this. Here are some examples of filters that can be used for web applications:

– Does the user story utilize the input data supplied by the user?

– Does the user story use confidential data such as credit cards, passwords or non-public financial data?
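Prioritization and filtration as described above can be combined in a few lines of code. This is an added example, not something from the original post: the catalogue entries, the tag names `user_input` and `confidential_data`, and the mapping from “Low/Middle/High” to the one-to-ten scale are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed mapping between the two priority scales the article mentions.
LABEL_TO_SCORE = {"Low": 2, "Middle": 5, "High": 9}

@dataclass(frozen=True)
class Constraint:
    text: str
    priority: object         # "Low"/"Middle"/"High" or an int from 1 to 10
    applies_when: frozenset  # story tags that trigger it; empty = always applies

    def score(self) -> int:
        """Normalise either priority style to the 1-10 scale."""
        p = LABEL_TO_SCORE.get(self.priority, self.priority)
        if not isinstance(p, int) or not 1 <= p <= 10:
            raise ValueError(f"bad priority {self.priority!r} on {self.text!r}")
        return p

# Constructed sample catalogue of NFR restrictions for a web application.
CATALOGUE = [
    Constraint("Validate user-supplied input on the server side", "High",
               frozenset({"user_input"})),
    Constraint("Encode user-supplied data before rendering it", 8,
               frozenset({"user_input"})),
    Constraint("Encrypt confidential data in transit and at rest", 10,
               frozenset({"confidential_data"})),
    Constraint("Keep passwords and card numbers out of logs", "High",
               frozenset({"confidential_data"})),
    Constraint("Page responds within the agreed time budget", "Low",
               frozenset()),
]

def checklist(story_tags, catalogue=CATALOGUE, min_score=1):
    """Filter the catalogue by the story's tags, then order by priority."""
    tags = set(story_tags)
    selected = [c for c in catalogue
                if (not c.applies_when or c.applies_when & tags)
                and c.score() >= min_score]
    # Highest priority first; ties broken alphabetically for a stable list.
    return sorted(selected, key=lambda c: (-c.score(), c.text))

if __name__ == "__main__":
    # Constructed story: "customer saves a card for later payments".
    for c in checklist({"user_input", "confidential_data"}):
        print(f"{c.score():>2}  {c.text}")
```

The story's tags are the answers to the two filter questions; a story that answers “no” to both is left with only the always-applicable entries.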

Together, prioritization and filtration can significantly simplify and help systematize the daily work connected with NFR restrictions. And, of course, it is worth remembering an issue tracking system, which helps to monitor the most important processes and data during workflows.

Author Byline

Hi, my name’s Jannet Sparts and I’m working as an editor of Online Issues. I write for several blogs sharing my experience and observations. I have worked as a project manager in several companies. So I have tried different PM tools, collaboration programs, including tracker and task management software solutions. For the moment PM software is my primary field of interest.
