![]() ![]() In many cases a comprehensive risk assessment is also absent which is why CPNI recommends completing both risk assessments and the OR process as an essential part of any security project. Where CPNI has been asked to assist in failing security projects, in almost all cases an OR process has not been followed. ![]() The development of this process is based on observing projects where security requirements were poorly defined or developed in isolation. The involvement of key stakeholders in the OR process will increase executive buy-in for the project, simplifying any organisational change required.ĬPNI has recommended the use of an OR process for many years. Operational Requirements (OR) are an essential tool to enable an organisation to produce a clear, considered and high level statement of their security needs based on the risks they face.Ī well-defined OR increases the likelihood of success in any security project and reduces the risk of commissioning expensive nugatory work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |