1. IEEE Signal Processing Magazine
2. Signal Processing Digital Library*
3. Inside Signal Processing Newsletter
4. SPS Resource Center
5. Career advancement & recognition
6. Discounts on conferences and publications
7. Professional networking
8. Communities for students, young professionals, and women
9. Volunteer opportunities
10. Coming soon! PDH/CEU credits
Click here to learn more.
10 years of news and resources for members of the IEEE Signal Processing Society
Wilamowski, George Christopher. (The George Washington University), “Using Analytical Network Processes to Create Authorization, Authentication, and Accounting Cyber Security Metrics” (2017) Advisor: Sarkani, Shahram and Mazzuchi, Thomas
Cyber-attacks have escalated, causing decision makers to assess the trade-offs required to protect their organizations from such attacks. The use of benchmarking techniques to reduce cyber security risks would allow decision makers to use both qualitative and quantitative analyses. Systems engineering provides unique insights into the validation of an organization’s criteria for operational objectives through measures of effectiveness for cyber-security decisions.
Decision makers can create cyber-defense strategies by using benchmarking to assess the effectiveness of Authentication, Authorization, and Accounting (AAA) access controls. This dissertation explores the use of the Analytical Network Process (ANP) Multi-Criteria Decision Making (MCDM) model to derive those strategies. A network/access mobile security use case was developed in a generalized application- benchmarking framework. Three communities of interest, the local area network (LAN), wide area network (WAN), and Remote Users, were referenced while demonstrating how to prioritize alternatives within weighted rankings. Subjective judgments carry tremendous weight in the minds of cyber-security decision makers.
Over 500 cyber security Subject Matter Experts (SMEs) completed a survey, giving insights into their expertise and seasoned judgement. They came from a broad cross-section of environments including Military, Government, Nonprofit, and Commercial industries. Using their responses, a generalized application-benchmarking framework was developed that shows how leaders can connect to their technical staffs, thus instantiating cyber defenses that hold the most promise.
The framework consists of four functional areas: (1) Hierarchical Structure; (2) Judgment Dominance with Alternatives; (3) Measures, and (4) Analysis. These four functional areas allow for three composite types: Form, Fit-For-Purpose, and Function to initiate processes and procedures in developing a measure of effectiveness for cyber-security controls. Within the Form composite type, a data parser was used to break the collected raw data into multiple tabulated forms for continued analysis to include an ANP cyber-security controls diagram. The Fit-For-Purpose composite analyzed the data in relation to data normalization, chi-square test for independence, residual plotting, the general linear model (GLM), geometric mean, and Cronbach’s alpha. Once the data were analyzed, the information was refined within the Function composite and subjected to pairwise comparisons within the ANP models for continued development of benchmarking scorecards. The result of that process was a security rating for LAN, WAN, and remote-user configurations.
In the final analysis, it was determined that a generalized application-benchmarking framework can be employed to derive Measures of Effectiveness (MOEs) based on SME preferences for security controls. The security measures formulated from the model allowed them to be given weighted scores and to be ranked from the development of ANP scorecards for each industry type. The scorecards and rankings allow industry security managers to compare their own rankings against the benchmarked scorecards to increase the effectiveness of cyber-security controls within their organizations.
|Nominate an IEEE Fellow today!||1 March 2021|
|Deadline Extended - Call for Officer Nominations: President-Elect and Vice President-Technical Directions||5 March 2021|
|Deadline Extended - Call for Officer Nominations: President-Elect and Vice President-Technical Directions||12 March 2021|
|Call for Nominations for Editor-in-Chief||5 April 2021|
|Call for Nominations: Chief Editor, SigPort and Chief Editor, Resource Center||5 April 2021|
|Call for Nominations: Board of Governors Members-at-Large and Regional Directors-at-Large||7 April 2021|
© Copyright 2021 IEEE – All rights reserved. Use of this website signifies your agreement to the IEEE Terms and Conditions.
A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.