A central activity in design-level solution analysis is building up a consistent vision of the software solution. The idea is to see the forest and not get lost in the trees.The vision is needed in order to fully evaluate the cost and estimates of IT development.
Business managers can then decide if the system goes into development either now or in the future. The vision is a specification of a system that includes the estimates on the risks, time and possible development routes.
When we are writing the vision document, we also try to predict possible problems and see what the major risks are. This allows you to make a solid and informed decision.
The importance of design analysis
Roughly 50 percent of security problems are the result of design ﬂaws. This makes risk analysis at the design level a critical part of the development process. Taking the trouble to apply risk-analysis methods for any application often yields valuable, business-relevant results.
Keep in mind, we are not talking about enterprise level risk management. We are talking about the risks of the particular system you are building.
Intentional and non-intentional usage scenarios
Customers and employees using the system can often create many different types of situations, both intentional and accidental. A good real world example is the lottery system where a fail-safe is especially important. Our goal is to minimize the possibilities of cheating the system.
Risk analysis should verify your assumptions by testing the threats and vulnerabilities in the design. Applying these simple ideas will put you miles ahead of most developers.
Achieving consensus is a process that requires constant communication and multiple discussions. People need time to give maturity to their ideas.
Pulling together a vision, which everyone in the management agrees on, is what our analysts do best. Our years of experience make it an enjoyable process for both us and our clients.