Monitoring the effectiveness of security countermeasures in a security risk management model

Abstract

Through our studies, successful and relevant security risk management models help to choose the right security measures which are vital in business analysis. In earlier works, an interesting value based cybersecurity metric namely the Mean failure Cost (MFC) has been presented. It computes for each system’s stakeholder his loss of operation in monetary term taking into consideration the security requirements, the architectural components and threats of such a system. In this paper, our intention is to extend this measure into a security risk management process in order to highlight the security priorities, implement controls and countermeasures then monitor the effectiveness of the chosen security solution by using the return on investment (ROI). Our attempt is to maximize the security management performance and business decisions by saving both time and money. The practical investigation is conducted thought the context of e-learning systems.