Given the industrial advancement towards technology, cybersecurity has become a strong necessity in order to protect an organization’s assets from malicious attacks. Requirements management helps organizations ensure that their products are compliant with the latest industry standards and regulations while protecting them from potential security vulnerabilities. This helps organizations save time and money while delivering secure and compliant software products.
Requirements management is essential for any organization that wants to ensure the security and compliance of its products or services. Cybersecurity requirements should be integrated into the software requirement specifications in order to address issues such as authentication, authorization, data integrity, and access control. Furthermore, it helps organizations avoid costly mistakes due to a lack of attention to detail when it comes to security best practices.
Henceforth, Micaël Martins, European Sales Leader at Visure Solutions, will be thoroughly talking about “How to Write and Manage Requirements for Cybersecurity Embedded Projects” in his presentation at the ‘Cybersecurity in the Testing Environment’ session.
As Embedded systems become more and more complex and powerful, the probability of using them as vectors of cyber attacks increases, for example for distributed denial-of-service (DDoS) attacks. Cisco data estimates that these types of attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018. In these, more and more embedded systems are involved, which is a major threat for companies and should be addressed accordingly by a cybersecurity process.
Cybersecurity encompasses all of the technology and operations employed to safeguard devices and their respective platforms and networks from cyber-attacks or hacking. Among them, for embedded systems, development teams already know many concepts and ways to mitigate security risks: coding rules, dedicated RTOS, cryptography techniques, static and dynamic analysis, etc. But another aspect is unfortunately often forgotten: Requirements Management and Traceability.
Even if security standards like IEC 62443 / ISA Secure do require them to manage and trace security requirements through the development and test lifecycle, many engineers wonder how to efficiently comply with these requests and which type of checks and processes apply to the requirements management side. This presentation will present best practices when dealing with security requirements, and how to adapt the Requirements Engineering process to cybersecurity.
So, make sure to stop by at 11 AM on Thursday 30th March, and learn some interesting facts about Requirements Management for Cybersecurity.