Definition: Security is a non-functional requirement that refers to the ability of a system to protect itself against unauthorized access, data breaches, and other malicious activities. It involves implementing measures such as encryption, access controls, firewalls, and intrusion detection systems to safeguard the system and its data. Security is essential for any system that handles sensitive information or performs critical functions, as a breach can result in significant financial, legal, and reputational damage. Therefore, security must be a top priority in the design, development, and deployment of any IT system.
Source: TOGAF
Source reference: https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html
Additional information: According to the TOGAF specification, guidelines, and documentation, the non-functional requirement of "Security" refers to the ability of a system to protect against unauthorized access, modification, or destruction of data. This requirement encompasses a range of security measures, including authentication, authorization, encryption, and auditing.
To meet the Security requirement, a system must be designed to ensure that only authorized users can access sensitive data or perform certain actions. This may involve implementing strong passwords, multi-factor authentication, or other access control mechanisms. Additionally, the system must be able to detect and prevent unauthorized access attempts, such as through intrusion detection systems or firewalls.
Another aspect of the Security requirement is data protection. This involves ensuring that data is encrypted both in transit and at rest, and that appropriate measures are in place to prevent data loss or corruption. The system must also be able to recover from security incidents, such as by restoring data from backups or rolling back transactions.
Finally, the Security requirement includes auditing and monitoring capabilities. The system must be able to track user activity and generate audit logs, which can be used to investigate security incidents or comply with regulatory requirements. This may involve implementing logging and monitoring tools, as well as establishing policies and procedures for reviewing and analyzing audit data.
Example: One example of an IT non-functional requirement for security could be that the system must have a secure login process that includes multi-factor authentication and password complexity requirements to prevent unauthorized access.
LOST view: Digital Solution Non-Functional Requirements Catalogue view
Identifier: http://data.europa.eu/dr8/egovera/SecurityRequirement
EIRA traceability: eira:DigitalSolutionNonFunctionalRequirementRequirement
ABB name: egovera:SecurityRequirement
EIRA concept: eira:ArchitectureBuildingBlock
Last modification: 2023-05-16
dct:identifier: http://data.europa.eu/dr8/egovera/SecurityRequirement
dct:title: Security Non-Functional Requirement
dct:modified | 2024-01-28 |
dct:identifier | http://data.europa.eu/dr8/SecurityRequirement |
dct:title | Security Non-Functional Requirement |
skos:example | One example of an IT non-functional requirement for security could be that the system must have a secure login process that includes multi-factor authentication and password complexity requirements to prevent unauthorized access. |
skos:definition | Security is a non-functional requirement that refers to the ability of a system to protect itself against unauthorized access, data breaches, and other malicious activities. It involves implementing measures such as encryption, access controls, firewalls, and intrusion detection systems to safeguard the system and its data. Security is essential for any system that handles sensitive information or performs critical functions, as a breach can result in significant financial, legal, and reputational damage. Therefore, security must be a top priority in the design, development, and deployment of any IT system. |
eira:concept | eira:ArchitectureBuildingBlock |
eira:definitionSource | TOGAF |
eira:definitionSourceReference | https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html |
skos:note | According to the TOGAF specification, guidelines, and documentation, the non-functional requirement of "Security" refers to the ability of a system to protect against unauthorized access, modification, or destruction of data. This requirement encompasses a range of security measures, including authentication, authorization, encryption, and auditing.
To meet the Security requirement, a system must be designed to ensure that only authorized users can access sensitive data or perform certain actions. This may involve implementing strong passwords, multi-factor authentication, or other access control mechanisms. Additionally, the system must be able to detect and prevent unauthorized access attempts, such as through intrusion detection systems or firewalls.
Another aspect of the Security requirement is data protection. This involves ensuring that data is encrypted both in transit and at rest, and that appropriate measures are in place to prevent data loss or corruption. The system must also be able to recover from security incidents, such as by restoring data from backups or rolling back transactions.
Finally, the Security requirement includes auditing and monitoring capabilities. The system must be able to track user activity and generate audit logs, which can be used to investigate security incidents or comply with regulatory requirements. This may involve implementing logging and monitoring tools, as well as establishing policies and procedures for reviewing and analyzing audit data. |
eira:PURI | http://data.europa.eu/dr8/SecurityRequirement |
dct:type | eira:SecurityRequirement |
eira:view | Digital Solution Non-Functional Requirements Catalogue view |
eira:eifLayer | N/A |
skos:broader | http://data.europa.eu/dr8/DigitalSolutionNonFunctionalRequirementRequirement |