An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods

August 2013 White Paper
Nancy R. Mead, Travis Christian

In this paper, the authors provide background information on penetration testing processes and practices.

Abstract

This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions.