Department of computer science ISG Tunis, Tunisia 1 jouini.mouna@yahoo.fr 3 latifa.rabai@isg.rnu.tn Department of computer science ENIT Tunis, Tunisia 2 anis_enit@yahoo.fr College of Computing Sciences New Jersey Institute of Technology Newark NJ 07102-1982 USA 4 mili@cis.njit.ed ABSTRACT KEYWORDS Cloud computing, cyber security metrics, mean failure cost, security requirements, security threats, threats classification. 1 INTRODUCTION With the rapid development of processing and storage technologies and the emergence of the Internet, computing resources have become cheaper, more powerful and more ubiquitously available than ever before. As a consequence, IT service providers are faced to challenges of expanding the structures and infrastructures with small expenditure and short a time in order to provide rising demands from their customers. To address these business challenges, cloud computing architecture was developed. In this technology, end users avail themselves of computing resources and services as a public utility, rather than a privately run small scale computing facility. In the same way that we use electricity as a public utility (rather than build our own generators), and that we use water as a public utility (rather than dig our own well), and that we use phone service as a public utility (rather than build and operate our own cell tower), we want to use computing services as a public utility. Such a service would be available to individuals and organizations, large and small, and would operate on the same pattern as other public utilities, namely: • Subscribers sign up for service from a service provider, on a contractual basis. • The service provider delivers services of data processing, data access and data storage to subscribers. • The service provider offers warranties on the quality of services delivered. Towards quantitative measures of Information Security: A Cloud Computing case study Mouna Jouini 1 , Anis Ben Aissa 2 , Latifa Ben Arfa Rabai 3 , Ali Mili 4 Cloud computing is a prospering technology that most organizations consider as a cost effective strategy to manage Information Technology (IT). It delivers computing services as a public utility rather than a personal one. However, despite the significant benefits, these technologies present many challenges including less control and a lack of security. In this paper, we illustrate the use of a cyber security metrics to define an economic security model for cloud computing system. We, also, suggest two cyber security measures in order to better understand system threats and, thus, propose appropriate counter measure to mitigate them. 248 International Journal of Cyber-Security and Digital Forensics (IJCSDF) 1(3): 248-262 The Society of Digital Information and Wireless Communications, 2012 (ISSN: 2305-0012)