An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods

August 2013 White Paper
Nancy R. Mead, Travis Christian

In this paper, the authors provide background information on penetration testing processes and practices.

Publisher: CERT

Abstract

This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions.