Abstract

Application allowlisting is a security control by which the execution of software on a system is limited to a pre-authorized list of applications. Although the control has demonstrated effectiveness in mitigating the risk of negative impact from multiple categories of cybersecurity threats (including many ransomware variants), it enjoys relatively low adoption at organizations. This is even in light of an ever-evolving cyber threat landscape, with organizations continually targeted by cyber threat actors. This qualitative, phenomenological study aimed to describe the experiences of cybersecurity decision-makers in the United States who have assessed application allowlisting for adoption at their organizations. Participants described numerous elements comprising their assessment experience such as organizational structure, including reporting structure, and regulatory requirements; culture, including security awareness, and employee control over workstation systems; and technology, including organizational control maturity and feature set present within the application allowlisting solution. Participants made application allowlisting adoption decisions based on an intersection of organizational structure, culture, and technology-related factors. 

Details

Title
Factors Affecting the Adoption of Application Allowlisting at United States-Based Enterprise Organizations: A Phenomenological Study
Author
Painter, Ryan Dean
Publication year
2023
Publisher
ProQuest Dissertations & Theses
ISBN
9798379511876
Source type
Dissertation or Thesis
Language of publication
English
ProQuest document ID
2812310000
Copyright
Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.