The quality of an information security system is of paramount importance. A small fault in the system might threaten the entire organization's valuable data. However, resource constraints could reduce the quality of the system. Over emphasizing on quality could lengthen the system development cycle, complicate the system design, and hence increase the system development cost. This article proposes a systematic approach to distribute resources to tackle multi-criteria problems under a fixed budget by using physical programming (PP). A case example was also included to demonstrate the application of the proposed algorithms.