Computer viruses remain the information security threat for business and result a devastating effect on business continuity and profitability. In order to deploy antivirus countermeasures, it is necessary to understand and explore the computer virus propagation. This research explored further the users who contact with media and discuss information security controls, including management and technical. First, we propose the computer viruses propagation model and analysis from system viewpoint. Second, we explore and evaluate the effectiveness of preventive countermeasures. Finally, we suggest several considerations for manager to practice. The simulation results show that users contact with media for network had a significant effect on infection rate and policy enforcement has powerful influence than firewall on restrain infection rate. Based on these results, we suggest: (1) information security management policy development takes precedence over the physical security; (2) it is very important to identify all assets, define the classification of assets, and identify security roles and responsibilities of employees; (3) it is necessary to audit regularly the configurations and the parameters of security techniques; (4) the operating system and the application software on hosts and servers should be updated and patched regularly; (5) the removable storage and removable/mobile access media should be restricted.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.