Models for Assessing the Cost and Value of Software Assurance

Abstract

It is not enough to simply estimate the cost of doing secure software assurance: you must also justify it from a value perspective. This paper presents IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes. These models can be categorized into four initial types: investment based, cost based, environmental/contextual, and quantitative estimation. However, the general conclusion is that there are only two valid ways to approach valuation of the secure software assurance process: quantitative and environmental.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 2007
Accession Number: AD1171084

Entities

People

  • Antonio Drommi
  • Dan Shoemaker
  • Jeff Ingalsbe
  • Jennifer M. Bailey
  • Nancy R. Mead

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Business Administration
  • Commerce
  • Computer Programs
  • Computers
  • Cost Analysis
  • Cost Estimates
  • Costs
  • Department Of Defense
  • Economic Impact
  • Economics
  • Engineering
  • Information Security
  • Information Systems
  • Investments
  • Management Personnel
  • Money
  • National Security
  • Probabilistic Models
  • Probability
  • Risk
  • Risk Analysis
  • Security
  • Software Assurance
  • Software Development
  • Systems Management

Fields of Study

  • Computer science

Readers

  • Life Cycle Cost Analysis
  • Software Engineering