
Blueprint Phase - Security involvement

Former Member
0 Kudos

Hello Gurus,

Would you please share your expertise on the below question.

Does the security team need to be involved in the blueprint workshops during the functional requirements gathering? I am asking this because we hardly find any security requirements during functional requirements gathering. What I feel is efficient or productive is sitting with each functional team (SD, FI, CO, MM, SD etc.) after they have gathered all the business requirements, and then working with the functional team to incorporate the security requirements as well as any controls, if any, for building security roles.

Which one would be more productive for security: during functional requirements gathering, or after the functional requirements are gathered?

Please let me know, thanks in advance

Venkat

5 REPLIES 5

Former Member
0 Kudos

Hi Venkat,

It is always recommended to be a part of the Blueprint discussions to give your piece of recommendations to the Functional teams in terms of Security Design, Role Building and Maintenance. Further, the individual requirements can be addressed.

This is the phase where the best solutions can be adapted from the industry.

Regards,

Raghu

0 Kudos

Thanks Raghu !! Very helpful answer

Former Member
0 Kudos

Hi Venkat,

In line with what Raghu has already said, it is important to be engaged during blueprint. If there are not many requirements coming out of blueprint then that's because the right people aren't being asked the right questions! It is not just the role of the functional team to engage the business (after all, they are not risk and control experts usually).

I would be expecting to engage with at least the following (in some cases the roles may be combined):

Functional team leads

Client team leads

Client business process experts/owners

Internal Audit/Risk Management

Compliance/internal controls

Client IT/IS security

The objective for blueprint is to produce a detailed design, so you have a lot of stakeholders to be speaking to, and the functional team is only a small group that you need to work with to do an adequate job.

Have fun!

0 Kudos

Alex !! Thanks much, I really appreciate ... Your answer will help my cause

Former Member
0 Kudos

It also depends on the size and expertise of the project and how much you can bring with you to the blueprint.

If you are lucky, then reviewing the blueprint draft for show-stoppers or feedback for optimization is sufficient and being asked for input to key meetings is sufficient as a "solution architect". If they invite you, then you know that you are respected for your inputs.

Going to all those meetings is not efficient, and if you always represent security before they have a blueprint then you will be yet another bottleneck in the process, making the meetings longer.

So, it depends... as usual.

Cheers,

Julius