Journal: International Journal of Business and Management

Using System Dynamics to Investigate the Effect of the Information Medium Contact Policy on the Information Security Management


Abstract

Computer viruses remain an information security threat to business and have a devastating effect on business continuity and profitability. To deploy antivirus countermeasures, it is necessary to understand and explore computer virus propagation. This research further explores users who come into contact with media and discusses information security controls, both managerial and technical. First, we propose a computer virus propagation model and analyze it from a system viewpoint. Second, we explore and evaluate the effectiveness of preventive countermeasures. Finally, we suggest several considerations for managers to put into practice. The simulation results show that users' contact with media for the network had a significant effect on the infection rate, and that policy enforcement has a more powerful influence than the firewall on restraining the infection rate. Based on these results, we suggest: (1) information security management policy development takes precedence over physical security; (2) it is very important to identify all assets, define the classification of assets, and identify the security roles and responsibilities of employees; (3) it is necessary to regularly audit the configurations and parameters of security techniques; (4) the operating system and application software on hosts and servers should be updated and patched regularly; (5) removable storage and removable/mobile access media should be restricted.