Wilamowski, George Christopher. (The George Washington University), “Using Analytical Network Processes to Create Authorization, Authentication, and Accounting Cyber Security Metrics” (2017)

You are here

Inside Signal Processing Newsletter Home Page

Top Reasons to Join SPS Today!

1. IEEE Signal Processing Magazine
2. Signal Processing Digital Library*
3. Inside Signal Processing Newsletter
4. SPS Resource Center
5. Career advancement & recognition
6. Discounts on conferences and publications
7. Professional networking
8. Communities for students, young professionals, and women
9. Volunteer opportunities
10. Coming soon! PDH/CEU credits
Click here to learn more.

10 years of news and resources for members of the IEEE Signal Processing Society

Wilamowski, George Christopher. (The George Washington University), “Using Analytical Network Processes to Create Authorization, Authentication, and Accounting Cyber Security Metrics” (2017)

Wilamowski, George Christopher. (The George Washington University), “Using Analytical Network Processes to Create Authorization, Authentication, and Accounting Cyber Security Metrics” (2017) Advisor: Sarkani, Shahram and Mazzuchi, Thomas

Cyber-attacks have escalated, causing decision makers to assess the trade-offs required to protect their organizations from such attacks. The use of benchmarking techniques to reduce cyber security risks would allow decision makers to use both qualitative and quantitative analyses. Systems engineering provides unique insights into the validation of an organization’s criteria for operational objectives through measures of effectiveness for cyber-security decisions.

Decision makers can create cyber-defense strategies by using benchmarking to assess the effectiveness of Authentication, Authorization, and Accounting (AAA) access controls. This dissertation explores the use of the Analytical Network Process (ANP) Multi-Criteria Decision Making (MCDM) model to derive those strategies. A network/access mobile security use case was developed in a generalized application- benchmarking framework. Three communities of interest, the local area network (LAN), wide area network (WAN), and Remote Users, were referenced while demonstrating how to prioritize alternatives within weighted rankings. Subjective judgments carry tremendous weight in the minds of cyber-security decision makers.

Over 500 cyber security Subject Matter Experts (SMEs) completed a survey, giving insights into their expertise and seasoned judgement. They came from a broad cross-section of environments including Military, Government, Nonprofit, and Commercial industries. Using their responses, a generalized application-benchmarking framework was developed that shows how leaders can connect to their technical staffs, thus instantiating cyber defenses that hold the most promise.

The framework consists of four functional areas: (1) Hierarchical Structure; (2) Judgment Dominance with Alternatives; (3) Measures, and (4) Analysis. These four functional areas allow for three composite types: Form, Fit-For-Purpose, and Function to initiate processes and procedures in developing a measure of effectiveness for cyber-security controls. Within the Form composite type, a data parser was used to break the collected raw data into multiple tabulated forms for continued analysis to include an ANP cyber-security controls diagram. The Fit-For-Purpose composite analyzed the data in relation to data normalization, chi-square test for independence, residual plotting, the general linear model (GLM), geometric mean, and Cronbach’s alpha. Once the data were analyzed, the information was refined within the Function composite and subjected to pairwise comparisons within the ANP models for continued development of benchmarking scorecards. The result of that process was a security rating for LAN, WAN, and remote-user configurations.

In the final analysis, it was determined that a generalized application-benchmarking framework can be employed to derive Measures of Effectiveness (MOEs) based on SME preferences for security controls. The security measures formulated from the model allowed them to be given weighted scores and to be ranked from the development of ANP scorecards for each industry type. The scorecards and rankings allow industry security managers to compare their own rankings against the benchmarked scorecards to increase the effectiveness of cyber-security controls within their organizations.

Table of Contents:

SPS on Twitter

  • Celebrate with the Women in Signal Processing Committee! Join us this Monday, 8 March at 7:30 AM ET for Dr… https://t.co/yJAI7kmKDN
  • Share SPS membership with your students, colleagues, and friends! Celebrate - Students and Professionals… https://t.co/qXNA12wxQ6
  • DEADLINE APPROACHING: The IEEE Transactions on Multimedia is accepting submissions for a Special Issue on Learning… https://t.co/XHR6eqwR1p
  • Celebrate now through 27 February! Get a 50% discount on SPS membership – offers available for Student a… https://t.co/enKoDMwiek
  • The SPACE Webinar Series continues Tuesday, 23 February at 10:00 AM EST when Dr. Pier Luigi Dragotti presents "Comp… https://t.co/FcZaAiHzZE

SPS Videos


Signal Processing in Home Assistants

 


Multimedia Forensics


Careers in Signal Processing             

 


Under the Radar