search menu icon-carat-right cmu-wordmark

An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods

August 2013 White Paper
Nancy R. Mead, Travis Christian

In this paper, the authors provide background information on penetration testing processes and practices.


This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions.