Differential effects of prior experience on the malware resolution process

Seung Hyun Kim, Byung Cho Kim

Research output: Contribution to journalArticle

8 Citations (Scopus)

Abstract

Despite growing interest in the economic and policy aspects of information security, little academic research has used field data to examine the development process of a security countermeasure provider. In this paper, we empirically examine the learning process a security software developer undergoes in resolving a malware problem. Using the data collected from a leading antivirus software company in Asia, we study the differential effects of experience on the malware resolution process. Our findings reveal that general knowledge from cross-family experience has greater impact than specific knowledge from within-family experience on performance in the malware resolution process. We also examine the factors that drive the differential effects of prior experience. Interestingly, our data show that cross-family experience is more effective than withinfamily experience in malware resolution when malware targets the general public than when a specific victim is targeted. Similar results-for example, the higher (lower) effect of cross-family (within-family) experience-were observed in the presence of information sharing among software vendors or during a disruption caused by a catastrophe. Our study contributes to a better understanding of the specific expertise required for security countermeasure providers to be able to respond under varying conditions to fast-evolving malware.

Original languageEnglish
Pages (from-to)655-678
Number of pages24
JournalMIS Quarterly: Management Information Systems
Volume38
Issue number3
DOIs
Publication statusPublished - 2014 Sep 1

All Science Journal Classification (ASJC) codes

  • Management Information Systems
  • Information Systems
  • Computer Science Applications
  • Information Systems and Management

Fingerprint Dive into the research topics of 'Differential effects of prior experience on the malware resolution process'. Together they form a unique fingerprint.

  • Cite this