Optimizing Rational Decision Making When Reasoning About Enhancing Pki Security for Government: a Quantitative Decision Support Approach

Abstract

The security of eGovernments is a frontline issue in any meaningful discussion about trustworthy electronic transactions and service delivery. At the center of electronic service delivery is identity management. Trust can only be achieved through secure electronic identity and access management. Most eGovernments across the globe e.g. Britain, Australia, Estonia, Kenya etc. prefer implementing Public Key Infrastructures in their identity and access management systems as a means of achieving strong authentication mechanisms for its users. This is because eGovernments face massive threats from a knowledge society that has easy access to hacking knowledge and tools, and also well-funded hacker groups. These threats can easily compromise any system whose security is not properly enhanced. We are cognizant of the fact that in most governments, the planners, implementers and assessors of PKI rely on quality management systems like ISO to qualitatively measure compliance to best practices through relevant audits. Such strategies are paperwork intensive and try to ensure process adherence but lack the capacity to quantitatively measure non-functional quality properties like security, interoperability, availability, privacy, reliability, performance among others. We propose a quantitative approach when reasoning about PKI security attributes. Optimisation of decisions needed to ensure cyber secure PKI solutions for e-Government requires a good decision support system informed by quantitative measures of key security quality attributes. Although PKI is a universal concept, its design and implementation in different contexts means that each context offers emergent challenges that requires unique solutions. This thesis proposes a decision optimisation tool for PKI security derived from existing models. The research demonstrates how security can be modeled using variables that influence its optimisation in PKI solutions. The research uses regression analysis and specifically partial least squares to perform relevant inference on PKI security influencing factors and present the various statistical measures to security managers in an easy to visualize manner. The Structure Case, Culture, People, Process and Technology (CPPT) and Partial Least Squares Structural Equation Modeling (PLS-SEM) frameworks are all used in the study. The output is a generic quantitative PKI security rational decision optimisation tool.