“…In [13], the authors state that there is no deployed sec-SLA and point out the related issues. That is, the definition of a security quantifiable metric is challenging due to the fact that security is a collection of properties, varying from service performances to process maturity [14].…”