The Role of Quantitative Analysis in the Information Security Systems Development Lifecycle

Abstract

Today's numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The paper examines the fit between QA tools and the processes of the SecSDL. A case application illustrates an example of QA tools applied specifically to risk assessment in the SecSDL. [PUBLICATION ABSTRACT]