research-article

Position Paper: Evaluating Analogies and Applying Public Health Models for Cybersecurity

Authors:

Josiah Dykstra,

O. Sami Saydjari,

Douglas HoughAuthors Info & Claims

HealthSec '24: Proceedings of the 2024 Workshop on Cybersecurity in Healthcare

Pages 17 - 28

https://doi.org/10.1145/3689942.3694751

Published: 21 November 2024 Publication History

Abstract

This paper presents a new approach to integrating analogies and analytical methods from public health and other domains into cybersecurity by introducing a structured framework for evaluating and judiciously applying them. Based on principles of analogy theory, the framework categorizes aspects of analogies into a stoplight system-green, yellow, and red-allowing practitioners to assess their applicability and potential pitfalls. We then employ the Haddon Matrix, a specific analytical method from the public health domain, demonstrating its relevance and utility in analyzing cybersecurity threats such as credential theft via phishing. Finally, we extend the framework's application to other public health and safety models, illustrating how these analogies and analytical methods can be more broadly evaluated and potentially adopted in cybersecurity. Through these contributions, the paper offers a structured method for cross-disciplinary cybersecurity innovation, providing specific insights and a generalizable approach for future research and practice.

References

[1]

Paul Bartha. 2019. Reasoning and Analogical Reasoning. The Stanford Encyclopedia of Philosophy. https://plato.stanford.edu/entries/reasoning-analogy/

[2]

George EP Box. 1976. Science and statistics. J. Amer. Statist. Assoc. 71, 356 (1976), 791--799.

[3]

Sonya S Brady, Linda Brubaker, Cynthia S Fok, Sheila Gahagan, Cora E Lewis, Jessica Lewis, Jerry L Lowder, Jesse Nodora, Ann Stapleton, Mary H Palmer, et al. 2020. Development of conceptual models to guide public health research, practice, and policy: synthesizing traditional and contemporary paradigms. Health promotion practice 21, 4 (2020), 510--524.

[4]

Fred Brauer. 2017. Mathematical epidemiology: Past, present, and future. Infectious Disease Modelling 2, 2 (2017), 113--127.

[5]

Fred Cohen. 1987. Computer viruses: theory and experiments. Computers & Security 6, 1 (1987), 22--35.

Digital Library

[6]

Richard Crosby and Seth M Noar. 2011. What is a planning model? An introduction to PRECEDE-PROCEED. Journal of public health dentistry 71 (2011), S7--S15.

[7]

Dedre Gentner and Keith J Holyoak. 1997. Reasoning and learning by analogy: Introduction. American psychologist 52, 1 (1997), 32.

[8]

Karen Glanz, Barbara K Rimer, and K Viswanath. 2008. Theory, research, and practice in health behavior and health education. Jossey-Bass.

[9]

William Haddon Jr. 1968. The changing approach to the epidemiology, prevention, and amelioration of trauma: the transition to approaches etiologically rather than descriptively based. American Journal of Public Health and the Nation?s Health 58, 8 (1968), 1431--1438.

[10]

David Hemenway. 2009. While we were sleeping: success stories in injury and violence prevention. Univ of California Press.

[11]

Carl Landwehr. 2015. We need a building code for building code. Commun. ACM 58, 2 (2015), 24--26.

Digital Library

[12]

Sam MacArthur. [n. d.]. Smoking as a Public Health Issue. https://www.mphonline.org/smoking-public-health/.

[13]

Brent Rowe, Michael Halpern, and Tony Lentz. 2012. Is a public health framework the cure for cyber security. CrossTalk 25, 6 (2012), 30--38.

[14]

Adam Shostack. 2022. Public Health & Cyber Public Health. Technical Report 22-01. CyberGreen Institute.

[15]

Eugene H Spafford. 1989. The Internet worm program: An analysis. ACM SIGCOMM Computer Communication Review 19, 1 (1989), 17--57.

Digital Library

[16]

Eugene H Spafford, Leigh Metcalf, and Josiah Dykstra. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. Addison- Wesley Professional.

[17]

Kathleen Tuthill. 2003. John Snow and the Broad Street pump: on the trail of an epidemic. Cricket 31, 3 (2003), 23--31.

[18]

StevenWeber. 2017. Coercion in cybersecurity: What public health models reveal. Journal of Cybersecurity 3, 3 (2017), 173--183.

[19]

Hill Hibbert Winslow. 1916. The New Public Health. The Macmillan Company.

[20]

World Health Organization. [n. d.]. A Brief History of Vaccination. https://www.who.int/news-room/spotlight/history-of-vaccination/a-briefhistory-of-vaccination.

Index Terms

Position Paper: Evaluating Analogies and Applying Public Health Models for Cybersecurity

Recommendations

Evaluating public health uses of health information exchange

Health information exchange (HIE) initiatives are in various stages of development across the United States. They aim to bring previously unavailable clinical data from patients' disparate health records, which may be spread over multiple provider and ...
Redesigning electronic health record systems to support public health

Current electronic health record systems are primarily clinical in focus, designed to provide patient-level data and provider-level decision support. Adapting EHR systems to serve public health needs provides the possibility of enormous advances for ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...

Comments

comments powered by Disqus.

Information & Contributors

Information

Published In

HealthSec '24: Proceedings of the 2024 Workshop on Cybersecurity in Healthcare

November 2024

133 pages

ISBN:9798400712388

DOI:10.1145/3689942

Program Chair:
William Yurcik
Centers for Medicare & Medicare Services, USA

Copyright © 2023 ACM.

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '24

Sponsor:

SIGSAC

CCS '24: ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

UT, Salt Lake City, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
54
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)7

Reflects downloads up to 20 Feb 2025

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy