Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

White Paper

How Much Security Is Enough?

  • May 2013
  • By Julia H. Allen
  • In this paper, Julia Allen provides guidelines for answering this question, including means for determining adequate security based on risk.
  • Software Assurance
  • Publisher: CERT
  • Abstract

    Updates to this material are, in part, either adapted or excerpted from Software Security Engineering: A Guide for Project Managers [Allen 2008].

    This article provides guidelines for answering this question, including strategy questions to ask, organizational and market characteristics to take into account, and means for determining adequate security based on risk. It is important to make sure that leaders understand the residual risk that remains after mitigating actions are taken.

  • Download