Loading...
Paper Type
Complete
Abstract
Malware-related threats continue to pose significant challenges for protecting organizational perimeters. Proposed solutions for defending against malware threats are often devised without considering the socio-technical environment in which they are implemented. This paper argues that by treating malware-related threats as an epidemic, a framework is provided for formulating targeted security controls to prevent and disrupt malware-related attacks. This paper adapts the well-known epidemiology triad into a decision-making and risk-quantification model to assist organizations in formulating security controls. The proposed model can be used to formulate security controls, quantify the probability of a cyber infection, and assess the economic feasibility of the formulated controls. This model constitutes a novel contribution to the knowledge base, demonstrating the potential for fruitful discourse and engagement to co-exist at the boundaries of disciplines.
Paper Number
1395
Recommended Citation
Flowerday, Stephen V.; Higgs, James; Flowerday, Ethan; and Tilbury, Jack Laurie, "Epidemiology Triad Analysis Guiding Malware Control Expenditure" (2024). AMCIS 2024 Proceedings. 28.
https://aisel.aisnet.org/amcis2024/security/security/28
Epidemiology Triad Analysis Guiding Malware Control Expenditure
Malware-related threats continue to pose significant challenges for protecting organizational perimeters. Proposed solutions for defending against malware threats are often devised without considering the socio-technical environment in which they are implemented. This paper argues that by treating malware-related threats as an epidemic, a framework is provided for formulating targeted security controls to prevent and disrupt malware-related attacks. This paper adapts the well-known epidemiology triad into a decision-making and risk-quantification model to assist organizations in formulating security controls. The proposed model can be used to formulate security controls, quantify the probability of a cyber infection, and assess the economic feasibility of the formulated controls. This model constitutes a novel contribution to the knowledge base, demonstrating the potential for fruitful discourse and engagement to co-exist at the boundaries of disciplines.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC