Advertisement

Software Requirements for an Ultra Large Scale System to Compute Multi Dimension Mean Failure Cost

  • Mouna JouiniEmail author
  • Latifa Ben Arfa Rabai
  • Ridha Khedri
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 931)

Abstract

In previous work, we presented a quantitative cyber security risk assessment model that quantifies the security of a system in financial terms. Our model assesses the cost of the failure of an information system security with regards to threats dimensions. In this assessment, we consider that the threats world can be divided into several threats dimensions and perspectives. In this paper, we discuss the specification and design of an automated tool that manage and maintains information that pertains to estimating the security risk supported by our risk assessment model.

Keywords

Cyber security metrics Security risk assessment Security Multi dimension mean failure cost (M2FC) Cloud computing Automated tool 

References

  1. 1.
    ISO/IEC 17799: (E), Information technology—Security techniques—Code of practice for information security management (2005)Google Scholar
  2. 2.
    Kwok, L., Dennis Longley, D.: Information security management and modeling. Inf. Manage. Comput. Secur. 7, 30–40 (1999)CrossRefGoogle Scholar
  3. 3.
    NIST SP 800-53: Information Security Handbook: A Guide for Managers (2006)Google Scholar
  4. 4.
    National Institute of Standards and Technology, Information Security - Guide for Conducting Risk Assessments (2002)Google Scholar
  5. 5.
    Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems: Recommendations of the national institute of standards and technology. National Institute of Standards and Technology (NIST) Special Publication 800-30, U.S. Government Printing Office (2001)Google Scholar
  6. 6.
    Aissa, A.B., Abercrombie, R.K., Sheldon, F.T., Mili, A.: Quantifying security threats and their potential impacts: a case study. ISSE 6(4), 269–281 (2010)CrossRefGoogle Scholar
  7. 7.
    Mayer, N.: Model-based management of information system security risk. Ph.D. Thesis (2009)Google Scholar
  8. 8.
    Avizienis, A., Laprie, J.C., Randell, B.: Dependability and its threats: a taxonomy. In: IFIP Congress Topical Sessions, pp. 91–120 (2004)Google Scholar
  9. 9.
    Jouini, M., Ben Arfa Rabai, L.: A Security Risk Management Model for Cloud Computing Systems: Infrastructure as a Service. SpaCCS 2017, pp. 594–608 (2017)Google Scholar
  10. 10.
    Jouini, M., Ben Arfa Rabai, L., Khédri, R.: A multidimensional approach towards a quantitative assessment of security threats. ANT/SEIT 2015, pp. 507–514 (2015)Google Scholar
  11. 11.
    Jouini, M., Ben Arfa Rabai, L.: A security framework for secure cloud computing environments. IJCAC 6(3), 32–44 (2016)CrossRefGoogle Scholar
  12. 12.
    Jouini, M., Ben Arfa Rabai, L.: A multi-dimensional mean failure cost model to enhance security of cloud computing systems. IJERTCS 7(2), 1–14 (2016)CrossRefGoogle Scholar
  13. 13.
    Goettelmann, E., Dahman, K., Gateau, B., Dubois, E., Godart, C.: A security risk assessment model for business process deployment in the cloud, SCC. IEEE, pp. 307–314 (2014)Google Scholar
  14. 14.
    Zhao, X., Dai, M., Ren, S., Li, L., Duan, Z.: Risk assessment model of information security for transportation industry system based on risk matrix. Appl. Math. Inf. Sci. 3, 1301–1306 (2014)Google Scholar
  15. 15.
    White, J.M.: Security Risk Assessment Managing Physical and Operational Security (2014)CrossRefGoogle Scholar
  16. 16.
    Sun, L., Srivastava, R.P., Mock, T.J.: An information systems security risk assessment model under dempsterschafer theory of belief functions. J. Manage. Inf. Syst. 22(4), 109–142 (2006)Google Scholar
  17. 17.
    Nincic, D.J., Bruce, C.: The utility of risk assessment tools in maritime security analysis. http://iamu-edu.org/wp-content/uploads/2014/07/28_TheUtilityofRisk.pdf
  18. 18.
    Daly, J.C.K.: Al-Qaeda and maritime terrorism, part I, The Terrorism Monitor, Jamestown Foundation (2003)Google Scholar
  19. 19.
    Richardson, M.: A time bomb for global trade: Maritime-related terrorism in an age of weapons of mass destruction, Viewpoints, Institute of South East Asian Studies (2004)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Mouna Jouini
    • 1
    Email author
  • Latifa Ben Arfa Rabai
    • 1
  • Ridha Khedri
    • 2
  1. 1.SMART LaboratoryHigher Institute of ManagementTunisTunisia
  2. 2.Department of Computing and SoftwareMcMaster UniversityHamiltonCanada

Personalised recommendations