Welcome to the InfoSci Platform
Reference Hub2
Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy

Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy

Neila Rjaibi, Latifa Ben Arfa Rabai
Copyright: © 2015 |Volume: 6 |Issue: 4 |Pages: 20
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466678682|DOI: 10.4018/IJSSE.2015100102
Cite Article Cite Article

MLA

Rjaibi, Neila, and Latifa Ben Arfa Rabai. "Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy." IJSSE vol.6, no.4 2015: pp.32-51. http://doi.org/10.4018/IJSSE.2015100102

APA

Rjaibi, N. & Rabai, L. B. (2015). Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy. International Journal of Secure Software Engineering (IJSSE), 6(4), 32-51. http://doi.org/10.4018/IJSSE.2015100102

Chicago

Rjaibi, Neila, and Latifa Ben Arfa Rabai. "Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy," International Journal of Secure Software Engineering (IJSSE) 6, no.4: 32-51. http://doi.org/10.4018/IJSSE.2015100102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

In security risk management practices if we cannot measure, we can neither control nor improve. A challenging issue in the context of cyber security is to deal with the orthogonal classification of security requirements. A literature review has shown that there are different models of security requirements. Everyone examines some requirements and neglects others. In this paper, the authors intend to answer the question: what taxonomy of security requirements should we use in a security quantification process? It is thus imperative to build a standard, unified and hierarchical taxonomy which incorporates 13 security requirements and then refined in layer into 31 sub-factors referring to the variety of the proposed models based on previous works. The Mean Failure Cost model (MFC) is a recent, strong and structural risk management model. It is a cascade of linear models to quantify security threats in term of loss that results from system's vulnerabilities. It computes for each system's stakeholders his loss of operation ($/H) while taking account of its respective users, security requirements, system's components and the complete list of security threats. The proposed taxonomy is used to optimize quantification using the MFC metric by reducing the redundancy in estimating the security requirements values, and increasing accuracy in estimation. The authors applied the expansion of the MFC model to the context of e-learning platforms.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.