Using System Dynamics to Investigate the Effect of the Information Medium Contact Policy on the Information Security Management

  •  Pei-Chen Sung    
  •  Chien-Yuan Su    


Computer viruses remain the information security threat for business and result a devastating effect on business
continuity and profitability. In order to deploy antivirus countermeasures, it is necessary to understand and
explore the computer virus propagation. This research explored further the users who contact with media and
discuss information security controls, including management and technical. First, we propose the computer
viruses propagation model and analysis from system viewpoint. Second, we explore and evaluate the
effectiveness of preventive countermeasures. Finally, we suggest several considerations for manager to practice.
The simulation results show that users contact with media for network had a significant effect on infection rate
and policy enforcement has powerful influence than firewall on restrain infection rate. Based on these results, we
suggest: (1) information security management policy development takes precedence over the physical security;
(2) it is very important to identify all assets, define the classification of assets, and identify security roles and
responsibilities of employees; (3) it is necessary to audit regularly the configurations and the parameters of
security techniques; (4) the operating system and the application software on hosts and servers should be updated
and patched regularly; (5) the removable storage and removable/mobile access media should be restricted.

This work is licensed under a Creative Commons Attribution 4.0 License.