JIS Vol.11 No.2, April 2020
Using the Latin Square Design Model in the Prioritzation of Network Security Threats: A Quantitative Study
Abstract: Society is becoming increasingly dependent on cyberspace for both business and pleasure. Cyber attackers continue to attack organizational computer networks, as those same computer networks become increasingly critical to organizational business processes. Strategic planning and managing IT security risks play an important role in the business and government planning process. Deploying defense-in-depth security measures can ensure that organizations continue to function in times of crisis. This quantitative study explores whether the Latin Square Design (LSD) model can be effectively applied to the prioritization of cybersecurity threats and to the linking of information assurance defense-in-depth measures to those threats. The methods used in this study consisted of scanning 10 cybersecurity websites, such as the Department of Homeland Security US CERT (United States-Computer Emergency Readiness Team [1]) and the SANS Institute (SysAdmin, Audit, Network and Security [2]), using the Likert Scale Model, for each website's top ten list of cyber threats facing organizations and the network defense-in-depth measures to fight those threats. A comparison of each cybersecurity threat was then made using LSD to determine whether the Likert scale and the LSD model could be effectively applied to prioritize information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that LSD does not affect the relationship between the ranking of the 10 cybersecurity websites' top ten cybersecurity threats (the dependent variables) and the independent variables of defense-in-depth measures used in protecting organizational devices against cyber-attacks.
Cite this paper: Alexander, R. (2020) Using the Latin Square Design Model in the Prioritzation of Network Security Threats: A Quantitative Study. Journal of Information Security, 11, 92-102. doi: 10.4236/jis.2020.112006.
References

[1]   Department of Homeland Security US CERT.
https://www.us-cert.gov/sites/default/files/publications/RisksOfPortableDevices.pdf

[2]   SANS Institute.
https://www.sans.org/blog/wasc-web-hacking-incident-database-semi-annual-report/

[3]   Bishop, M. (1991) An Overview of Computer Viruses in a Research Environment.

[4]   Cleghorn, L. (2013) Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth. Journal of Information Security, 4, 144-149.
https://doi.org/10.4236/jis.2013.43017

[5]   Goztepe, K., Kilic, R. and Kayaalp, A. (2014) Cyber Defense in Depth: Designing Cyber Security Agency Organization for Turkey. Journal of Naval Science and Engineering, 10, 1-24.

[6]   Biesecker, C. (2010) DHS IG Finds Adequate Cybersecurity Controls but More Needed. Defense Daily, 247, 8.

[7]   Gaio, L. (2005) Latin Squares in Experimental Design. Michigan State University, East Lansing.

[8]   Vatutin, E., Zaikin, O., Kochemazov, S. and Valyaev, S. (2017) Using Volunteer Computing to Study Some Features of Diagonal Latin Squares. Open Engineering, 7, 453-460. https://doi.org/10.1515/eng-2017-0052

[9]   Raghavarao, D. (1988) Constructions and Combinatorial Problems in Design of Experiments. Corrected Reprint of the 1971 Wiley ed., Dover, New York.

[10]   Pasles, E.B. (2004) Mutually Nearly Orthogonal Latin Squares and Their Applications. Doctoral Dissertation, Temple University, Philadelphia.

[11]   Hajirasouliha, I., Jowhari, H., Kumar, R. and Sundaram, R. (2007) On Completing Latin Squares. In: Annual Symposium on Theoretical Aspects of Computer Science, Springer, Berlin, Heidelberg, 524-535.
https://doi.org/10.1007/978-3-540-70918-3_45

[12]   Jungnickel, D. (1980) On Difference Matrices and Regular Latin Squares. Abhandlungen aus dem Mathematischen Seminar der Universität Hamburg, 50, 219-231.
https://doi.org/10.1007/BF02941430

[13]   Bailey, R.A. (2008) 6 Row-Column Designs and 9 More about Latin Squares. In: Design of Comparative Experiments, Cambridge University Press, Cambridge.

[14]   Riggs, C. (2004) Network Perimeter Security: Building Defense In-Depth. Auerbach Publications, New York.
https://doi.org/10.1201/9780203508046

[15]   Hathaway, M. (2014) Best Practices in Computer Network Defense: Incident Detection and Response.
https://ebookcentral-proquest-com.library.capella.edu

[16]   Bhola, S., Kaur, S. and Kumar, G. (2015) Internet Threats and Prevention—A Brief Review. IJCA Proceedings on International Conference on Advancements in Engineering and Technology, August 2015, No. 10, 13-17.

[17]   Cooper, C.R. and Schindler, P.S. (2008) Business Research Methods. 10th Edition, McGraw-Hill, Boston.

[18]   National Commission for the Protection of Human Subjects (1979) Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research. Department of Health and Welfare, Washington DC.

[19]   Singh, A. and Bora, M.S. (2013) Cyber Threats and Security for Wireless Devices. JECET, 2, 277-284.
https://doi.org/10.2139/ssrn.3419703

[20]   Rouse, M. (2007) Defense in Depth.
http://searchsecurity.techtarget.com/definition/defense-in-depth

[21]   Cobb, M. (2014) Firewall.
http://searchsecurity.techtarget.com/definition/firewall

[22]   Cole, B. (2014) Intrusion Detection System.
http://searchcompliance.techtarget.com/definition/intrusion-detection-systems-IDS

[23]   Rouse, M. (2007) Password.
http://searchsecurity.techtarget.com/definition/password

 
 