Using the Analytical Hierarchy Process Model in the Prioritization of Information Assurance Defense In-Depth Measures?—A Quantitative Study

Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection systems, and password procedures across their enterprises to plan strategically and manage IT security risks. This quantitative study explores whether the analytical hierarchy process (AHP) model can be effectively applied to the prioritization of information assurance defense in-depth measures. In response to these threats, the President, legislators, experts, and others have characterized cyber security as a pressing national security issue. The methods used in this study consisted of emailing study participants a survey requesting that they prioritize five defense in-depth information assurance measures, anti-virus, intrusion detection, password, smart-cards, and encryption, with a range of responses from 1 - 5 using a Likert scale to consider standard cost, effectiveness, and perceived ease of use in terms of protection of organizational computing devices. The measures were then weighted, based on ranking. A pair-wise comparison of each of the five measures is then made using AHP to determine whether the Likert scale and the AHP model could be effectively applied to the prioritization of information assurance measures to protect organizational computing devices. The findings of the research reject the H₀ null hypothesis that AHP does not affect the relationship between the information technology analysts’ prioritization of five defense in-depth dependent variables and the independent variables of cost, ease of use, and effectiveness in protecting organizational devices against cyber-attacks.