ABSTRACT
The McCumber Cube methodology is not a process that needs to be replicated on a recurring basis; it is a methodology to use in the assessment and design phases of the security program. It also can be employed as a tool for design and assessment of individual products and system components. Invoking the use of the methodology is also called for when the information systems environment is significantly modified or upgraded. In keeping with the understanding of this process as an information-centric model, you can determine if the McCumber Cube methodology needs to be used by looking for new information flows, changes in asset (information) valuation, and the acquisition of new technologies. However, there are many security-relevant activities that take place on a day-to-day basis and we will cover the basics of that process here.
