NCJ Number
57597
Date Published
1978
Length
67 pages
Annotation
AN INDEX FOR MEASURING THE SECURITY OF COMPUTER SYSTEMS AND A STRATEGY FOR PURCHASING COMPUTER SECURITY COUNTERMEASURES IN A COST-EFFECTIVE WAY ARE PROPOSED.
Abstract
THE PROPOSED MODEL, TERMED THE COMPUTER SECURITY INDEX, ADDRESSES FIVE PARAMETERS: (1) ONE-TIME PURCHASE OF COUNTERMEASURES FOR A PARTICULAR COMPUTER SYSTEM, (2) PURCHASE OF COUNTERMEASURES OVER AN EXTENDED PERIOD OF TIME, (3) CONSIDERATION OF TWO COMPUTER SYSTEMS IN TERMS OF WHICH IS MORE SECURE, (4) THE AVAILABILITY OF SEVERAL COUNTERMEASURE PACKAGES FOR PURCHASE, AND (5) THE IMPLEMENTATION OF ONE OUT OF SEVERAL SELECTED SEQUENCES FOR PURCHASING COUNTERMEASURES. THE MATHEMATICAL MODEL, WITH ACCOMPANYING ALGORITHMS, IS PARTICULARLY APPLICABLE TO THE THIRD, FOURTH, AND FIFTH PARAMETERS. REQUIRED INPUTS INCLUDE THE DEFINITION OF THREATS AND COUNTERMEASURES, THE IDENTIFICATION OF THE RELATIVE IMPORTANCE OF THREATS, COSTS OF COUNTERMEASURES, AND THE EFFECTIVENESS OF COUNTERMEASURES AGAINST THREATS. IF A STANDARDIZED LIST OF THREATS AND COUNTERMEASURES CAN BE DEVELOPED, THE COMPUTER SECURITY INDEX CAN BE USED TO COMPARE THE SECURITY OF DIFFERENT COMPUTER SYSTEMS. A HYPOTHETICAL APPLICATION OF THE MODEL WITH SAMPLE CALCULATIONS AND OTHER GENERALIZED EXAMPLES OF THE MODEL'S USE ARE GIVEN. SUPPORTING DATA AND EQUATIONS ARE PROVIDED. (DEP)