Skip to Main Content
Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon the appropriateness within the context that they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.