
Research Article
Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study
@ARTICLE{10.4108/eai.29-11-2017.153389, author={N. Rjaibi and L. B. A. Rabai}, title={Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study}, journal={EAI Endorsed Transactions on e-Learning}, volume={4}, number={15}, publisher={EAI}, journal_a={EL}, year={2017}, month={11}, keywords={Management, Measurement, Security, Economics, Security Countermeasures, The Return On Investment, Decision Making, e-Business Management.}, doi={10.4108/eai.29-11-2017.153389} }
- N. Rjaibi
L. B. A. Rabai
Year: 2017
Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study
EL
EAI
DOI: 10.4108/eai.29-11-2017.153389
Abstract
The Mean failure Cost (MFC) is a cascade of linear models that quantify security threats by taking into consideration the system’s stakeholders, security requirements, architectural components and threats. This quantitative cyber security model monetizes system’s security in terms of cost which may be lost due to security failure. The lack of quantitative security models in security decision making is a way to discover strengths and uniqueness of the MFC cyber security model. This paper intends to extend this measure into a security risk management model for ultra large systems and to exploit the previously presented MFC model’s characteristics in security decision making relying on a rigorous and quantifiable analysis of financial returns. In fact, we intend to provide a possible solution to security problems using the MFC model in order to set the highest security priorities and choose the suitable countermeasures as well as computing the profitability of the proposed security countermeasures through the Return on Investment (ROI) based on the MFC’s values for each stakeholder. This will lead to monitoring the effectiveness of the proposed security countermeasures, ensuring the best solution choice by saving both time and money and providing a security decision maker with adequate justification to perform his security choice. The practical investigation is to be conducted thought the context of e-learning platforms.
Copyright © 2017 Rjaibi et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.