Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware

Computer and Information Science, Vol 11, No 1, 2018

12 Pages Posted: 4 Jan 2018

See all articles by Jason Thomas

Jason Thomas

Bush School of Government and Public Service; Excelsior College; Grand Canyon University; Concordia University Texas; Northwood University

Gordon Galligher

The Collective Group

Date Written: January 3, 2018

Abstract

Ransomware is the fastest growing malware threat and accounts for the majority of extortion based malware threats causing billions of dollars in losses for organizations around the world. Ransomware is global epidemic that afflicts all types of organizations that utilize computing infrastructure. Once systems are infected and storage is encrypted, victims have little choice but to pay the ransom and hope their data if released or start over and rebuild their systems. Either remedy can be costly and time consuming. However, backups can be used to restore data and systems to known good state prior to ransomware infection. This makes backups the last line of defense and most effective remedy in combatting ransomware. Accordingly, information security risk assessments should evaluate backup systems and their ability to address ransomware threats. Yet, NIST SP-800-30 does not list ransomware as specific threat. This study reviews the ransomware process, functional backup architecture paradigms, their ability to address ransomware attacks, and provides suggestions to improve the guidance in NIST SP-800-30 and information security risk assessments to better address ransomware threats.

Keywords: information systems, information system security, risk assessments, computer security, ransomware, computer security, computer information systems, backup, disaster recovery, business continuity, information assurance, cybersecurity

JEL Classification: M10, M15

Suggested Citation

Thomas, Jason and Galligher, Gordon, Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware (January 3, 2018). Computer and Information Science, Vol 11, No 1, 2018 , Available at SSRN: https://ssrn.com/abstract=3095629

Jason Thomas (Contact Author)

Bush School of Government and Public Service ( email )

College Station, TX
United States

Excelsior College ( email )

Albany, NY
United States

Grand Canyon University ( email )

Phoenix, AR
United States

Concordia University Texas ( email )

11400 Concorida University Dr.
Austin, TX 78726
United States

Northwood University ( email )

4000 Whiting Dr
Midland, MI 48640
United States

HOME PAGE: http://www.northwood.edu

Gordon Galligher

The Collective Group ( email )

9433 Bee Caves Road
Building III, Suite 200
Austin, TX 78733
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
684
Abstract Views
1,787
rank
49,722
PlumX Metrics