Affiliation:
1. Institut Supérieur de Gestion de Tunis, Tunisia
2. New Jersey Institute of Technology, USA
Abstract
This chapter presents a quantitative cybersecurity measure for security risk management, namely the Mean Failure Cost (MFC). We use it to quantify the security of an e-Learning application while taking into account its stakeholders, security requirements, architectural components and the complete list of security threats. Because security requirements are considered appropriate mechanisms for preventing, detecting and recovering from security attacks, an extension of the MFC measure is presented that identifies the most critical security requirements in order to support quantitative decision-making. Our focus extends to offering a diagnostic of the problems of the non-secure system and an in-depth interpretation of critical requirements, critical threats and critical components. This extension is beneficial and opens a wide range of possibilities for further economics-based analysis. The chapter also highlights the security measures for controlling e-Learning security problems with regard to the most critical security requirements.