Functional Specification to Support Security Risk Assessment of Large Systems
Measuring the security of organizations is needed to obtain security evidence. We believe that common security identification and quantification related to system’s functionalities can be extended to be used in other systems. Security measurements are common at the business process layer. This paper supports the development of security metrics according to each function of a related system. An elementary metric quantify risk by system’s function. This leads to improve security risk analysis and communication for decision making.
KeywordsCyber security metrics E-Learning Mean failure cost Risk management Security measures Functional specification
- 1.Jansen, W.A.: NIST IR 7564: Directions in security metrics research. National Institute of Standards and Technology, US Department of Commerce, Gaithersburg (2009)Google Scholar
- 2.Wang, L., Singhal, A., Jajodia, S.: Toward measuring network security using attack graphs. In: Proceedings of the 2007 ACM Workshop on Quality of Protection, pp. 49–54. ACM (2007)Google Scholar
- 3.Final Report of Task Group IST-049, Improving Common Security Risk Analysis (2008)Google Scholar
- 4.Chen, Y., He, W.: Security risks and protection in online learning: a survey. Int. Rev. Res. Open Distrib. Learn. 14(5) (2013)Google Scholar
- 7.Rjaibi, N., Rabai, L.B.A.: Maximizing security management performance and decision with the MFC cyber-security risk management model. EAI Endorsed Trans. e-Learn. 4(15) (2017)Google Scholar