Neila Rjaibi

Quantifying security threats for E-learning systems

As the reach of the internet expands to cover ever broader aspects of our economic and social welfare, cyber security is emerging as a major concern for researchers and practitioners, dealing as it does with privacy, confidentiality, user authentication, etc. E-learning systems epitomize computing systems and networks of the internet generation, since they involve multiple stakeholders, geographically distributed resources and data, and special requirements for confidentiality, authentication, and privacy. In this paper, we discuss the application of a cyber security metric to E-learning systems, in light of their standard architecture, their well-defined classes of stakeholders, and their specific security requirements.

Mean Failure Cost as a Measurable Value and Evidence of Cybersecurity: E-Learning Case Study

Addressing Cybersecurity within e-Learning systems becomes empowered to make online information more secure. Certain competences need to be identified as necessary skills to manage security online such the ability to assess sources and architectural components, understanding the privacy, confidentiality and user authentication. Security management approaches quantifying security threats in e-learning are common with other e-services. It is of our need to adopt a quantitative security risk management process in order to determine the worthiest attack and the ignored one, based on financial business risk measure which is the measure of the mean failure cost.This paper proposes a cyber security measure called the Mean Failure Cost MFC suitable for e-Learning systems. It is based on the identification of systems architecture, the well-defined classes of stakeholders, the list of possible threats and vulnerabilities and the specific security requirements related to e-Learning systems and applications. In the mean time, security requirements are considered as appropriate mechanisms for preventing, detecting and recovering security attacks, for this reason an extension of the MFC measure is presented in order to detect the most critical security requirements. Also this paper highlights the security measures and guidelines for controlling e-Learning security policies regarding the most critical security requirements.

Modeling the propagation of security threats: An e-learning case study

In this paper, we propose a novel linear model for modeling the propagation of security threats among the systems architectural components which is the Threats Propagation model (TP). Our model is based on the Mean Failure Cost cyber-security model (MFC) and applied to an e-learning system. The Threats propagation model (TP) enables to show if a threat can propagate to other e-learning systems components. Then, it provides an efficient diagnostic about the most critical threats in order to make the best decision and to establish the suitable countermeasures to avoid them. Our proposed model is useful to implement a safe and secure e-learning environment.

Functional Specification to Support Security Risk Assessment of Large Systems

Measuring the security of organizations is needed to obtain security evidence. We believe that common security identification and quantification related to system’s functionalities can be extended to be used in other systems. Security measurements are common at the business process layer. This paper supports the development of security metrics according to each function of a related system. An elementary metric quantify risk by system’s function. This leads to improve security risk analysis and communication for decision making.

Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study

The Mean failure Cost (MFC) is a cascade of linear models that quantify security threats by taking into consideration the system’s stakeholders, security requirements, architectural components and threats. This quantitative cyber security model monetizes system’s security in terms of cost which may be lost due to security failure. The lack of quantitative security models in security decision making is a way to discover strengths and uniqueness of the MFC cyber security model. This paper intends to extend this measure into a security risk management model for ultra large systems and to exploit the previously presented MFC model’s characteristics in security decision making relying on a rigorous and quantifiable analysis of financial returns. In fact, we intend to provide a possible solution to security problems using the MFC model in order to set the highest security priorities and choose the suitable countermeasures as well as computing the profitability of the proposed security countermeasures through the Return on Investment (ROI) based on the MFC’s values for each stakeholder. This will lead to monitoring the effectiveness of the proposed security countermeasures, ensuring the best solution choice by saving both time and money and providing a security decision maker with adequate justification to perform his security choice. The practical investigation is to be conducted thought the context of e-learning platforms.

Monitoring the Effectiveness of Security Countermeasures in a Security Risk Management Model

Through our studies, successful and relevant security risk management models help to choose the right security measures which are vital in business analysis. In earlier works, an interesting value based cybersecurity metric namely the Mean failure Cost (MFC) has been presented. It computes for each system’s stakeholder his loss of operation in monetary term taking into consideration the security requirements, the architectural components and threats of such a system. In this paper, our intention is to extend this measure into a security risk management process in order to highlight the security priorities, implement controls and countermeasures then monitor the effectiveness of the chosen security solution by using the return on investment (ROI). Our attempt is to maximize the security management performance and business decisions by saving both time and money. The practical investigation is conducted thought the context of e-learning systems.