IS cybersecurity studies can be categorized by their paradigms into behavioral, economic, and computational design science.
The behavioural paradigm focuses on modelling user behaviour in cybersecurity, including habituation to security warnings, user training for mitigating phishing attacks, and operational risk management.
The economic paradigm focuses on modelling the economic impact of security phenomena, e.g., the impact of law enforcement and discussions in hacker forums on DDoS attacks and the impact of diversifying software resources on security risk.
- The emergence of high-impact and publicly available dark web or security-related data (as opposed to proprietary data sources) has given birth to a stream in IS cybersecurity research that focuses on cybersecurity analytics.
- Studies in this stream often adopt the computational design science paradigm to develop novel IT artifacts that provide ML models for automated decision-making. These can include models for various analytical cybersecurity tasks such as de-anonymizing cybercriminals, classifying hacker assets, identifying key hackers, and intrusion detection.