From the course: Non-Functional Requirements in the Cloud: Foundations, Planning, and Implementation

Unlock this course with a free trial

Join today to access over 25,300 courses taught by industry experts.

Security and privacy

Security and privacy

From the course: Non-Functional Requirements in the Cloud: Foundations, Planning, and Implementation

Start my 1-month free trial Buy for my team

Security and privacy

- [Instructor] Now let's jump into security, where a large number of NFRs can develop. An NFR for security can come from a compliance or regulatory requirement, or from having a security-first culture, where you align to industry standards as a minimum and strive for the strongest security posture possible. One example of a standard that impacts most industries is payment card industry compliance. Two example security-related requirements from here are install and maintain a firewall configuration to protect cardholder data, and encrypt transmission of cardholder data across open public networks. We might make a more specific NFR internally, depending on the cloud service provider we use and their advised strategy around securing cloud infrastructure and data. For instance, we might specify the type of firewall, or the service or tool used for our firewall. And we might have allow and deny lists for our firewall, and specify an NFR that during development, any test, email addresses…

Contents