Improving CVSS-based vulnerability prioritization and response with context information
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
A web-based multi-perspective decision support system for information security planning
Decision Support Systems
Software project managers have limited project resources. Requests for security improvements must compete with other requests, such as for new tools, more staff, and additional testing. Deciding how and whether to invest in cybersecurity protection requires knowing the answer to at least two questions: What is the likelihood of an attack, and what are the likely consequences of an attack? This article explores how answers to these questions have been sought and what obstacles lie in the way of understanding the answers. The authors discuss the need for data available to inform management decisions about cybersecurity investment, then examine models supporting decisions about trade-offs between investment and protection. Finally, they present a framework for comparing and contrasting economic models, so that project managers can make effective decisions about security. This article is part of a special issue on Security for the Rest of Us.