JIS  Vol.8 No.3 , July 2017
Using the Analytical Hierarchy Process Model in the Prioritization of Information Assurance Defense In-Depth Measures?—A Quantitative Study
Abstract: Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection systems, and password procedures across their enterprises to plan strategically and manage IT security risks. This quantitative study explores whether the analytical hierarchy process (AHP) model can be effectively applied to the prioritization of information assurance defense in-depth measures. In response to these threats, the President, legislators, experts, and others have characterized cyber security as a pressing national security issue. The methods used in this study consisted of emailing study participants a survey requesting that they prioritize five defense in-depth information assurance measures, anti-virus, intrusion detection, password, smart-cards, and encryption, with a range of responses from 1 - 5 using a Likert scale to consider standard cost, effectiveness, and perceived ease of use in terms of protection of organizational computing devices. The measures were then weighted, based on ranking. A pair-wise comparison of each of the five measures is then made using AHP to determine whether the Likert scale and the AHP model could be effectively applied to the prioritization of information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that AHP does not affect the relationship between the information technology analysts’ prioritization of five defense in-depth dependent variables and the independent variables of cost, ease of use, and effectiveness in protecting organizational devices against cyber-attacks.
Cite this paper: Alexander, R. (2017) Using the Analytical Hierarchy Process Model in the Prioritization of Information Assurance Defense In-Depth Measures?—A Quantitative Study. Journal of Information Security, 8, 166-173. doi: 10.4236/jis.2017.83011.

[1]   Biesecker, C. (2010) DHS IG Finds Adequate Cyber Security Controls but More Needed. Defense Daily, 247, 8.

[2]   Lawrence, D.P. (2013) Impact Assessment: Practical Solutions to Recurrent Problems and Contemporary. 2nd Edition, Wiley & Sons, Hoboken.

[3]   Basagiannis, S., Petridou, S., Alexiou, N., Papadimitriou, G. and Katsaros, P. (2011) Quantitative Analysis of a Certified e-Mail Protocol in Mobile Environments: A Probabilistic Model Checking Approach. Computers & Security, 30, 257-272.

[4]   Saaty, T.L. (1994) How to Make a Decision: The Analytic Hierarchy Process. Interfaces, 24, 19-43.

[5]   Al-Harbi, K. (2001) Application of the AHP in Project Management. International Journal of Project Management, 19, 19-27.

[6]   Utugizaki, M., Udagawa, M., Shinohara, M. and Osawa, K. (2007) Consistency Index for the Whole Decision Making. Proceedings of DEA Symposium 2007, Osaka University, Osaka, 102-105.

[7]   Geoff, C. (2004) The Analytic Hierarchy Process (AHP). Pearson Education, Upper Saddle River.

[8]   Cooper, C.R. and Schindler, P.S. (2008) Business Research Methods. 10th Edition, McGraw-Hill, Boston.

[9]   National Commission for the Protection of Human Subjects (1979) Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research. Department of Health and Welfare, Washington DC.

[10]   Rouse, M. (2007) Defense in Depth.

[11]   Effectiveness.

[12]   Cobb, M. (2014) Firewall.

[13]   Cole, B. (2014) Intrusion Detection System.

[14]   Alexander, M. (2012) Making Use of the Analytic Hierarchy Process (AHP) and SAS/IML. Social Security Administration, Baltimore, MD.

[15]   Rouse, M. (2007) Password.

[16]   Davis, F.D. (1989) Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Quarterly, 13, 319-340.

[17]   Cobb, M. and Meckley, J. (2016) Smart Card.

[18]   Standard Cost (n.d.). In Business Dictionary.