Start Date

11-8-2016

Description

In the light of recent cyber-attacks, it has become imperative for organizations to predict breaches in an accurate and comprehensive manner. In this study, we assess the impact of the external environment as well as factors internal to the organization. We propose an AVICS-Eco Framework to (i) predict cyber-attacks in organizations, (ii) assess critical vulnerabilities, (iii) aid IS managers to plan security investments, and, (iv) decide what to patch and when to patch. We validated our model using Partial Least Square Structural Equation Modelling. We have used CSI-FBI, Ponemon and Checkpoint Survey data from 1997 to 2015. As a recommendation, CTOs should be cautious with vulnerable software from specific categories. We derived that software vendors need to prioritize patches on Networks before Operating Systems. Firewalls were found to be superior in comparison to anti-viruses. Finally, we found limited support for cybersecurity legal provisions as attack inhibitors in the United States.

Share

COinS
 
Aug 11th, 12:00 AM

AVICS-Eco Framework: An Approach to Attack Prediction and Vulnerability Assessment in a Cyber Ecosystem

In the light of recent cyber-attacks, it has become imperative for organizations to predict breaches in an accurate and comprehensive manner. In this study, we assess the impact of the external environment as well as factors internal to the organization. We propose an AVICS-Eco Framework to (i) predict cyber-attacks in organizations, (ii) assess critical vulnerabilities, (iii) aid IS managers to plan security investments, and, (iv) decide what to patch and when to patch. We validated our model using Partial Least Square Structural Equation Modelling. We have used CSI-FBI, Ponemon and Checkpoint Survey data from 1997 to 2015. As a recommendation, CTOs should be cautious with vulnerable software from specific categories. We derived that software vendors need to prioritize patches on Networks before Operating Systems. Firewalls were found to be superior in comparison to anti-viruses. Finally, we found limited support for cybersecurity legal provisions as attack inhibitors in the United States.