The Mean Failure Cost Cybersecurity Model to Quantify Security in E-Learning Environments

This chapter presents the security concepts terminologies (threat, risk, security risk management, security risk management process, security threat model) and present the state of the art of security risk management models, compare and discuss strengths and weaknesses of such models. Then it presents the Mean Failure Cost (MFC) model for quantifying security threats as a rigorous measure of cyber security, and as a cascade of linear models in order to estimate the system security using the loss of a given stakeholders as a result of security breakdown. Finally it presents an overview of the applicability of the MFC measure to e-systems. In the conclusion, the chapter criticizes the MFC Cyber Security Measure and presents an overview of different perspectives.

Download Full-text

The Rigorous Security Risk Management Model

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch024 ◽

2018 ◽

pp. 452-470

Author(s):

Neila Rjaibi ◽

Latifa Ben Arfa Rabai

Keyword(s):

Risk Management ◽

Cyber Security ◽

Linear Models ◽

Management Model ◽

Security Risk ◽

Security Threat ◽

Risk Management Process ◽

Failure Cost ◽

The Mean ◽

Security Risk Management

This chapter presents the security concepts terminologies (threat, risk, security risk management, security risk management process, security threat model) and present the state of the art of security risk management models, compare and discuss strengths and weaknesses of such models. Then it presents the Mean Failure Cost (MFC) model for quantifying security threats as a rigorous measure of cyber security, and as a cascade of linear models in order to estimate the system security using the loss of a given stakeholders as a result of security breakdown. Finally it presents an overview of the applicability of the MFC measure to e-systems. In the conclusion, the chapter criticizes the MFC Cyber Security Measure and presents an overview of different perspectives.

Download Full-text

The Rigorous Security Risk Management Model

Advances in Digital Crime, Forensics, and Cyber Terrorism - Cybersecurity Policies and Strategies for Cyberwarfare Prevention ◽

10.4018/978-1-4666-8456-0.ch005 ◽

2015 ◽

pp. 84-101 ◽

Cited By ~ 2

Author(s):

Neila Rjaibi ◽

Latifa Ben Arfa Rabai

Keyword(s):

Risk Management ◽

Cyber Security ◽

Linear Models ◽

Management Model ◽

Security Risk ◽

Security Threat ◽

Risk Management Process ◽

Failure Cost ◽

The Mean ◽

Security Risk Management

This chapter presents the security concepts terminologies (threat, risk, security risk management, security risk management process, security threat model) and present the state of the art of security risk management models, compare and discuss strengths and weaknesses of such models. Then it presents the Mean Failure Cost (MFC) model for quantifying security threats as a rigorous measure of cyber security, and as a cascade of linear models in order to estimate the system security using the loss of a given stakeholders as a result of security breakdown. Finally it presents an overview of the applicability of the MFC measure to e-systems. In the conclusion, the chapter criticizes the MFC Cyber Security Measure and presents an overview of different perspectives.

Download Full-text

The MFC Cybersecurity Model Extension and Diagnostic toward a Depth Measurement

Achieving Enterprise Agility through Innovative Software Development - Advances in Systems Analysis, Software Engineering, and High Performance Computing ◽

10.4018/978-1-4666-8510-9.ch009 ◽

2015 ◽

pp. 179-198

Author(s):

Neila Rjaibi ◽

Latifa Ben Arfa Rabai ◽

Ali Mili

Keyword(s):

Security Requirements ◽

Security Measures ◽

Security Risk ◽

Depth Measurement ◽

Wide Range ◽

Failure Cost ◽

E Learning ◽

The Mean ◽

Critical Components ◽

Security Risk Management

This chapter presents a quantitative security risk management cybersecurity measure namely the Mean Failure Cost (MFC). We illustrate it to quantify the security of an e-Learning application while taking account of its respective stakeholders, security requirements, architectural components and the complete list of security threats. Moreover, in the mean time, security requirements are considered as appropriate mechanisms for preventing, detecting and recovering security attacks, for this reason an extension of the MFC measure is presented in order to detect the most critical security requirements to support the quantitative decision-making. Our focus is widespread to offer a diagnostic of the non secure system's problems and a depth insight interpretation about critical requirements, critical threats and critical components. This extension is beneficial and opens a wide range of possibilities for further economics based analysis. Also this chapter highlights the security measures for controlling e-Learning security problems regarding the most critical security requirements.

Download Full-text

Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2015100102 ◽

2015 ◽

Vol 6 (4) ◽

pp. 32-51 ◽

Cited By ~ 2

Author(s):

Neila Rjaibi ◽

Latifa Ben Arfa Rabai

Keyword(s):

Risk Management ◽

Cyber Security ◽

Management Practices ◽

Linear Models ◽

Cost Model ◽

Security Requirements ◽

Practical Implementation ◽

Security Threats ◽

Security Risk ◽

Failure Cost

In security risk management practices if we cannot measure, we can neither control nor improve. A challenging issue in the context of cyber security is to deal with the orthogonal classification of security requirements. A literature review has shown that there are different models of security requirements. Everyone examines some requirements and neglects others. In this paper, the authors intend to answer the question: what taxonomy of security requirements should we use in a security quantification process? It is thus imperative to build a standard, unified and hierarchical taxonomy which incorporates 13 security requirements and then refined in layer into 31 sub-factors referring to the variety of the proposed models based on previous works. The Mean Failure Cost model (MFC) is a recent, strong and structural risk management model. It is a cascade of linear models to quantify security threats in term of loss that results from system's vulnerabilities. It computes for each system's stakeholders his loss of operation ($/H) while taking account of its respective users, security requirements, system's components and the complete list of security threats. The proposed taxonomy is used to optimize quantification using the MFC metric by reducing the redundancy in estimating the security requirements values, and increasing accuracy in estimation. The authors applied the expansion of the MFC model to the context of e-learning platforms.

Download Full-text

Mean Failure Cost as a Measurable Value and Evidence of Cybersecurity

International Journal of Secure Software Engineering ◽

10.4018/jsse.2013070104 ◽

2013 ◽

Vol 4 (3) ◽

pp. 64-81 ◽

Cited By ~ 3

Author(s):

Neila Rjaibi ◽

Latifa Ben Arfa Rabai ◽

Anis Ben Aissa ◽

Ali Mili

Keyword(s):

Cyber Security ◽

Risk Measure ◽

Learning Systems ◽

Security Requirements ◽

Online Information ◽

Security Measures ◽

Risk Management Process ◽

Failure Cost ◽

E Learning ◽

The Mean

Addressing Cybersecurity within e-Learning systems becomes empowered to make online information more secure. Certain competences need to be identified as necessary skills to manage security online such the ability to assess sources and architectural components, understanding the privacy, confidentiality and user authentication. Security management approaches quantifying security threats in e-learning are common with other e-services. It is of our need to adopt a quantitative security risk management process in order to determine the worthiest attack and the ignored one, based on financial business risk measure which is the measure of the mean failure cost.This paper proposes a cyber security measure called the Mean Failure Cost (MFC) suitable for e-Learning systems. It is based on the identification of system’s architecture, the well-defined classes of stakeholders, the list of possible threats and vulnerabilities and the specific security requirements related to e-Learning systems and applications. In the mean time, security requirements are considered as appropriate mechanisms for preventing, detecting and recovering security attacks, for this reason an extension of the MFC measure is presented in order to detect the most critical security requirements. Also this paper highlights the security measures and guidelines for controlling e-Learning security policies regarding the most critical security requirements.

Download Full-text