Thoughts on Requirements

Posted May 10th, 2007 by

I don’t think we should attach the word “requirement” to any controls in a framework or catalog of controls. I wish we could use the word “needs” instead.

While it’s a subtle distinction, it implies that there needs to be some wetware involved in order to translate the catalog of controls into real requirements that an engineer (security or otherwise) can build to. Until we do that, we’re only frustrating the people who have to implement.

Similar Posts:

Posted in Risk Management, What Doesn't Work, What Works | 2 Comments »

2 Responses

  1.  Alex Says:

    Perfect. Simple and elegant change, but significant in terms of perception and meaning.

  2.  Needs vs. Requirements, Or The Subtle Semantics Make All The Difference | Says:

    […] Rah! Rah! Sis-Boom-Bah! Goooooooooo Rybolov! […]

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Visitor Geolocationing Widget: