Content area
Full Text
Abstract: Epidemiology provides a novel approach to understanding cybersecurity risk. It provides a systematic model for the analysis of likelihood, consequence, management and prevention measures. While current research exists on the analysis of individual cybersecurity risk factors, there is a significant research gap on the collective interaction of these risk factors and their impact on the risk of cybersecurity compromise. Effective cybersecurity risk management requires the estimation of the probability of infection, based on a comprehensive range of historical and environmental factors, including system or network configurations and characteristics. The application of epidemiology highlights two fundamental approaches to increasing the efficiency and potency of cybersecurity; the requirement for comprehensive analysis of all cybersecurity risk factors, not just specific network vulnerabilities or uses, and the requirement for a centralised reporting, monitoring and data centre for cybersecurity incidents to inform this analysis, and facilitate a collective community response to mitigating cybersecurity risks. This paper discusses these applications of epidemiology to cybersecurity, to highlight the importance of research which combines these macro and micro-level approaches to provide a definitive evaluation of cybersecurity risk.
Keywords: Epidemiology, Cybersecurity, Risk Factors, Epidemiological Applications, Epidemiologic Security Analysis
1.Introduction
This paper explores the novel approach of applying epidemiology to cybersecurity. Epidemiology provides a novel approach to understanding cybersecurity risk, and has a plethora of similarities and applications, as detailed in Figure 1.
It provides a systematic model for the analysis of likelihood, consequence, management and prevention measures. This paper provides a review of literature, which identifies that whilst current research exists on the analysis of individual cybersecurity risk factors, there is a significant research gap on the collective interaction of these risk factors and their impact on the risk of cybersecurity compromise. This paper explores how epidemiological principles can be applied to estimate the probability of infection it based on a comprehensive range factors, and how a comprehensive repository of this data could be utilised to manage cyber security risk in the same way in which health is. This paper discusses these applications of epidemiology to cybersecurity, to highlight the importance of research which combines these macro and micro-level approaches to provide a definitive evaluation of cybersecurity risk.
2.Epidemiology and Cybersecurity
Historically as humans have aggregated into communities, the requirement for increasingly...