icon-carat-right menu search cmu-wordmark

How Much Security Is Enough?

White Paper
In this paper, Julia Allen provides guidelines for answering this question, including means for determining adequate security based on risk.
Publisher

Software Engineering Institute

Abstract

Updates to this material are, in part, either adapted or excerpted from Software Security Engineering: A Guide for Project Managers [Allen 2008].

This article provides guidelines for answering this question, including strategy questions to ask, organizational and market characteristics to take into account, and means for determining adequate security based on risk. It is important to make sure that leaders understand the residual risk that remains after mitigating actions are taken.