Information Technology Reference
In-Depth Information
that is, build in safeguards to reduce the effect of various threats. The details to
mitigate risk throughout across the solution are the IA requirements.
Requirements may be directly received from the customer and be very clearly
stated. Other requirements may be derived indirectly. Decomposing customer RFP/
RFQ/SOW will produce requirements. he inherent nature of the solution architec-
ture or solution design will produce more requirements. Overall, engineering require-
ments fall into categories similar to compliance requirements:
n
−
Explicit
Direct
Requirements specified in a project request
Indirect
External documents referenced by project request
Legislation, policy, procedure, guideline, etc.
Principles, constraints, and assumptions (PCAs)
Architectural, design, or other enterprise life cycle management
(ELCM) PCAs directly stated in the project request
n
−
n
−
−
n
n
−
Implicit
Emerge from
Project requirements
Business process
Technical
Security and privacy
Principles, constraints, and assumptions
Architectural, design, or other ELCM PCAs derived from explicit
requirements, operating environments, etc.
n
−
−
−
−
n
Explicit requirements are stated outright. The IA architect derives implicit
requirements from explicit requirements as well as from the emerging architecture,
design, CONOPS, and functional considerations. Implicit requirements need a
formal recognition/review process so that as complete a list of requirements as pos-
sible is created. Enumerating both explicit and implicit requirements will benefit
from a formal requirements engineering approach.
IA
2
uses two macro approaches to requirements engineering:
decomposition
and
domain functional isolation
. The decomposition approach may use
process decomposi-
tion
or
systemic decomposition
. The domain functional-isolation approach identifies
entities and their interactions. The goal of all decomposition methods is to divide
and conquer through defining discrete views that promote looking at the business
requests from multiple perspectives.
The IA architect states explicit requirements in business and technical terms,
and always starts with business objectives (business drivers). Determining the
Request for proposal, request for quote, statement of work, respectively.
