JIS Vol.11 No.3, July 2020
Reducing Threats by Using Bayesian Networks to Prioritize and Combine Defense in Depth Security Measures
Abstract: This article studies whether the Bayesian Network Model (BNM) can be effectively applied to prioritizing defense in depth security tools and procedures and to combining those measures to reduce cyber threats. The method consisted of scanning 24 peer-reviewed cybersecurity articles from prominent cybersecurity journals, using the Likert Scale Model, for each article's list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threat attacks against organizational and private computing systems. The findings of the research reject the null hypothesis H0 that BNM does not affect the relationship between the prioritization and combining of the 24 cybersecurity articles' defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).
Cite this paper: Alexander, R. (2020) Reducing Threats by Using Bayesian Networks to Prioritize and Combine Defense in Depth Security Measures. Journal of Information Security, 11, 121-137. doi: 10.4236/jis.2020.113008.
