WK4 DQ

490 wk3 DQ1. 100-150 WORDS

Your IT team is tasked to review the requirements to design a security operations center for your company. What is involved in collecting requirements for this project? Why is it often difficult to do?

REPLIES 75-100 WORDS

A Jordan Ehresman

To most effectively understand what is involved in collecting requirements it is first important to understand what project requirements are. According to Schwalbe (2018) project requirements are conditions or capabilities that must be held by a service or product to account for the needs of the organization. The collecting requirements step is often the most difficult and if not thoroughly executed can cost the organization exponentially down the line. One of the top reasons for the difficulty in collecting requirements is the lack of effective processes developed to for collecting this information. To gather the requirements of an organization's security operations center one technique that could be implemented is interviewing stakeholders. This would allow all who may be affected by the security operations center to state their needs and allow for the data to reflect the needs of the wider organization.

B Chad Pope

Hello Jordan,

Your answer to this week’s first discussion question is, in my opinion, spot on. The only point I might add is, in addition to interviewing the stakeholders, I would define the roles and responsibilities of the security operations center as it applies to the organization I am supporting. There are vast amounts of data available regarding security operations centers on the Internet. For example, the National Institute for Standards and Technology (NIST) Cybersecurity Framework would prove to be an excellent resource for determining requirements. In my opinion, defining the requirements is an important step in the overall requirements collection plan, just as you asserted in your answer. Excellent work thus far. Keep it up.

C Chad Pope

Hello Professor,

One of the most significant obstacles to project scope management involves poorly defined requirements. One factor associated with this difficulty frequently concerns inadequate collection and documentation processes. To collect the requirements necessary to stand up a security operations center (SOC), one should first determine the SOC desired roles and responsibilities. A SOC is a common enough entity that one should be able to accomplish this through research via the Internet. Once complete, requirements collection can begin. The CISO should be a significant source of information necessary to identify requirements. Additionally, as a SOC must be manned, perhaps hiring the SOC team lead and engaging their assistance in collecting requirements would be advantageous. After reviewing the project charter, scope, requirements management plan, and stakeholder management plan, a method of requirements documentation should be developed. A requirements traceability matrix could also prove useful.