Rjaibi et al., International Journal of Advanced Research in Computer Science and Software Engineering 2 (11), November- 2012, pp. 1-15 © 2012, IJARCSSE All Rights Reserved Page | 1 Cyber Security Measurement in Depth for E-learning Systems Neila Rjaibi * Department of computer science, ISG, Tunis, Tunisia rjaibi_neila@yahoo.fr Latifa Ben Arfa Rabai Department of computer science, ISG, Tunis, Tunisia latifa.rabai@isg.rnu.tn Anis Ben Aissa Department of computer science, ENIT, Tunis, Tunisia anis_enit@yahoo.fr Mohamed Louadi Department of computer science, ISG, Tunis, Tunisia mlouadi@louadi.com Abstract—As the reach of the internet expands to cover ever broader aspects of our economic and social welfare, cyber security is emerging as a major concern for researchers and practitioners, dealing as it does with privacy, confidentiality, user authentication, etc. E-learning systems epitomize computing systems and networks of the internet generation, since they involve multiple stakeholders, geographically distributed resources and data, and special requirements for confidentiality, authentication, and privacy. In this paper, we illustrate a rigorous cyber security measure of dependability to quantify security threats which is the Mean Failure Cost for E-learning systems. The proposed infrastructure, allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In addition, we have extended its formula to measure the critical security requirements. Our focus is to offer a diagnostic of possible problems of the non secure systems and a depth insight interpretation about critical requirements, critical threats and critical components regarding the cyber system. This extension is beneficial and opens a wide range of possibilities for further economics based analysis. The theoretical aspects, the practical case study and the deep of interpretation developed in this paper offer strengths guidelines in the science of cyber security in our modern society. Keywords—Cyber security metrics; Risk management; E-learning; Mean Failure Cost; Security diagnostic; Critical requirements. I. INTRODUCTION In today's Internet age, E-systems are widespread and considered essential in our modern society. These systems require the sharing and the distribution of information. E-systems are vulnerable; serious security threats include software attacks (viruses, worms, macros, denial of service), espionage, acts of theft (illegal equipment or information) and intellectual property (piracy, copyright, infringement) [6]. Actually the Internet is the main source of all threats and illegal activities. Consequently, E-systems are threatened exponentially, statistics have shown that organizations are currently investing in security resources. It has been shown that through 2005 the total global revenue for security products and service vendors amounted to $21.1 billion. Another source indicated that from 1999 to 2000, the number of organizations spending more than $ 1 million annually on security nearly doubled, so, expenditures have increased from 12% of all organizations revenues in 1999 to 23% in 2000 [31]. In fact, it is a challenging task for organizations to put the emphasis on security risk management in order to measure and assess security risk and provide a good plan for risk mitigation. Security is a current issue that needs to be addressed to ensure a safer running of organization systems with higher quality. In addition, security is a top priority, hence developing security instruments and new tools of security management and mitigation are necessary because they guarantee the availability of services and processes with higher quality and low cost [3, 4 and 14]. It is important to assess and to measure the security risk and its potential impact [1, 2 and 21]. Research has been conducted in this perspective to improve security management approaches and models which are quantitative or qualitative. These strategies are useful to highlight the power of the security management. Quantitative security management models are considered as a hard task to measure the potential security risk impact caused by the attacks but they are more useful to analyze and interpret estimative value and to provide a good plan for risk mitigation [5, 20].