An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods
August 2013 • White Paper
Nancy R. Mead, Travis Christian
In this paper, the authors provide background information on penetration testing processes and practices.
This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions.