Why Whitelisting Over Antimalware: A Comparative Analysis of Application Control Strategies in Modern Cybersecurity
Abstract
The growing sophistication of cyber threats has exposed significant limitations in traditional antimalware solutions, leading organizations to reconsider their security strategies. This paper examines why application whitelisting often provides better protection than conventional antimalware approaches, particularly for critical systems. Through analysis of security models, threat patterns, and real-world implementations, I demonstrate that whitelisting offers superior protection against zero-day exploits, reduces attack surfaces, and delivers more predictable security outcomes. While antimalware remains useful for threat detection, whitelisting’s default-deny approach provides a stronger foundation for securing high-value assets and critical infrastructure. The findings suggest that organizations should prioritize whitelisting for mission-critical systems while maintaining antimalware as a complementary layer. This research contributes to ongoing discussions about proactive versus reactive security and offers practical guidance for security architects designing defense-in-depth frameworks.
Keywords: Application whitelisting, antimalware, cybersecurity, zero-day threats, default-deny security, endpoint protection
1. Introduction
1.1 Background
Over the past decade, the cybersecurity landscape has changed dramatically. Threat actors are developing increasingly sophisticated attack methods that bypass traditional security controls. Organizations now take an average of 270 days to detect a breach, which gives adversaries plenty of time to steal data, establish persistence, and cause substantial damage. Traditional antimalware solutions have dominated endpoint security for decades, using a reactive model that identifies and blocks known malicious software through signature-based detection and behavioral analysis.
However, the sheer volume of new malware variants—over 450,000 discovered daily—has revealed critical weaknesses in the antimalware approach. The time between malware creation, signature development, and distribution creates vulnerability windows that skilled attackers consistently exploit. This reality has pushed security professionals to rethink fundamental assumptions about endpoint protection.
1.2 Problem Statement
Today’s organizations face a key challenge: reactive security models simply can’t keep up with zero-day exploits, advanced persistent threats (APTs), and polymorphic malware. Traditional antimalware struggles with several issues:
• Delays between when threats emerge and signatures become available
• Poor prevention of unknown threats
• High false-positive rates that lead to alert fatigue
• Resource consumption that impacts system performance
• Limited effectiveness against fileless attacks and “living-off-the-land” techniques
These aren’t just theoretical problems. Numerous high-profile breaches have occurred at organizations with up-to-date antimalware protection.
1.3 Research Objectives
This paper aims to:
1. Analyze the fundamental differences between whitelisting and antimalware security models
2. Evaluate how effective whitelisting is at preventing modern cyber threats
3. Examine the practical challenges and benefits of implementing whitelisting
4. Provide evidence-based recommendations for security strategy
5. Identify specific scenarios where whitelisting outperforms antimalware
1.4 Significance
Understanding the comparative advantages of whitelisting versus antimalware matters for organizations trying to optimize their security investments and protect critical assets. This research provides actionable insights for security professionals, system administrators, and decision-makers responsible for safeguarding sensitive data and maintaining operations in an increasingly hostile environment.
2. Literature Review
2.1 Evolution of Endpoint Security
Endpoint security has evolved through distinct phases—simple signature-based antivirus in the 1980s, heuristic analysis in the 1990s, behavioral detection in the 2000s, and machine learning approaches in recent years. Each evolution tried to address emerging threat patterns while maintaining usability and performance.
Research consistently highlights the arms race between malware developers and security vendors. The reactive nature of signature-based detection creates inherent disadvantages because defenders must always respond to attacker innovations rather than preventing them proactively.
2.2 Whitelisting as a Security Control
Application whitelisting represents a fundamental shift from the traditional blacklist approach. Instead of trying to identify and block malicious software, whitelisting only allows explicitly approved applications to execute. This default-deny posture aligns with core security principles of least privilege and attack surface reduction.
Studies on whitelisting implementation show significant reductions in successful malware infections, particularly in controlled environments like industrial control systems, financial transaction systems, and government networks. NIST and other regulatory bodies increasingly recommend whitelisting for critical infrastructure protection.
2.3 Comparative Security Models
The security community recognizes two fundamental approaches: blacklisting (default-allow) and whitelisting (default-deny). Blacklisting assumes everything is safe unless proven malicious; whitelisting assumes everything is dangerous unless explicitly approved. This philosophical difference has major implications for security outcomes.
Research comparing these approaches consistently shows that whitelisting provides better protection against unknown threats, zero-day exploits, and sophisticated attacks that evade signature-based detection. However, implementation complexity and operational overhead have historically limited widespread adoption.
2.4 Current Threat Landscape
Modern cyber threats exhibit characteristics that challenge traditional antimalware. Advanced persistent threats often use custom malware unknown to signature databases. Fileless attacks execute malicious code in memory without dropping files for antimalware to scan. Supply chain compromises distribute malware through trusted update mechanisms. These attack patterns exploit the fundamental limitations of reactive security models.
The ransomware epidemic, which has caused over $20 billion in damages globally in recent years, demonstrates antimalware inadequacy. Many ransomware infections succeed despite current antimalware protection because variants are specifically designed to evade detection.
3. Methodology
3.1 Research Approach
This study uses a mixed-methods approach combining literature analysis, comparative security model evaluation, and case study examination. I analyzed peer-reviewed research, industry reports, and documented security incidents to understand the practical implications of whitelisting versus antimalware strategies.
3.2 Evaluation Criteria
The evaluation criteria are based on key security metrics:
• Threat Prevention Effectiveness: Ability to prevent malware execution
• Zero-Day Protection: Defense against unknown threats
• Performance Impact: System resource consumption
• Administrative Overhead: Management complexity and time requirements
• False Positive/Negative Rates: Accuracy of security decisions
• Attack Surface Reduction: Limitation of potential exploit vectors
• Compliance Alignment: Support for regulatory requirements
3.3 Data Sources
The analysis incorporates data from cybersecurity research institutions, vendor-independent testing organizations, government security agencies, and documented case studies from organizations implementing various security strategies. I prioritized recent data (2020-2025) to reflect current threat landscapes and technology capabilities.
4.1 Security Model Fundamentals
Antimalware Approach: Antimalware operates on a blacklist paradigm, trying to identify and block malicious software while allowing everything else to execute. This relies on:
• Signature databases containing patterns of known malware
• Heuristic analysis detecting suspicious behaviors
• Machine learning models identifying anomalies
• Cloud-based reputation systems evaluating file trustworthiness
• Sandboxing technologies for dynamic analysis
Whitelisting Approach: Whitelisting implements a default-deny model where only explicitly approved applications can execute. This uses:
• Application inventories defining permitted software
• Cryptographic hash verification ensuring file integrity
• Publisher certificate validation confirming software origin
• Path-based rules controlling execution locations
• Dynamic whitelisting adapting to approved changes
4.2 Threat Prevention Effectiveness
Zero-Day Protection: Whitelisting provides inherent protection against zero-day exploits because unknown applications simply can’t execute, regardless of how sophisticated they are. Antimalware remains vulnerable during the window between malware creation and signature availability. This gap often lasts hours or days, leaving systems exposed.
Polymorphic Malware: Polymorphic malware changes its signature with each infection to deliberately evade signature-based detection. Whitelisting makes these evasion techniques irrelevant because polymorphic variants are just unauthorized applications that can’t execute.
Fileless Attacks: Fileless attacks pose significant challenges for antimalware because they execute malicious code in memory using legitimate system tools. Whitelisting can restrict which scripts and interpreters can execute and from where, significantly limiting fileless attack vectors.
Supply Chain Compromises: When legitimate software updates contain malicious code, antimalware may fail because the threat comes from trusted sources. Whitelisting with hash verification can detect unauthorized modifications to approved applications, providing protection against supply chain attacks.
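The hash and path rules listed in 4.1 and the modified-application case from 4.2, as an added example (not code from the author or from any whitelisting product): a minimal default-deny evaluator run over a constructed file tree. It goes one step beyond the text by showing that a path rule covering the application's directory allows the same modified file that a hash-only policy denies. The `Allowlist` class, the file names, and the rule precedence are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class Allowlist:
    """Default-deny policy (hypothetical class): hash rules first, then path rules."""

    def __init__(self, trusted_dirs=()):
        self.hash_rules = {}  # sha256 hex digest -> inventory label
        self.trusted_dirs = [Path(d).resolve() for d in trusted_dirs]

    def enroll(self, path, label):
        """Add the current content of an approved file to the inventory."""
        self.hash_rules[sha256_file(path)] = label

    def decide(self, path):
        """Return (verdict, reason) for an execution request."""
        path = Path(path).resolve()  # resolve symlinks and '..' before matching
        label = self.hash_rules.get(sha256_file(path))
        if label is not None:
            return ("ALLOW", "hash rule: " + label)
        if any(d in path.parents for d in self.trusted_dirs):
            return ("ALLOW", "path rule")
        return ("DENY", "no matching rule")


def run_demo():
    """Build a constructed file tree and evaluate the execution requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        approved = root / "approved"
        downloads = root / "downloads"
        approved.mkdir()
        downloads.mkdir()

        # Constructed sample files; the names and contents are placeholders.
        hmi = approved / "hmi_client.bin"
        hmi.write_bytes(b"constructed sample: approved build 1.0")
        unknown = downloads / "unknown_tool.bin"
        unknown.write_bytes(b"constructed sample: never inventoried")

        hash_only = Allowlist()
        hash_only.enroll(hmi, "hmi_client 1.0")
        with_path_rule = Allowlist(trusted_dirs=[approved])
        with_path_rule.enroll(hmi, "hmi_client 1.0")

        results["baseline"] = hash_only.decide(hmi)
        results["unknown"] = hash_only.decide(unknown)

        # Simulate an unapproved change to the approved file (same path, new bytes).
        hmi.write_bytes(b"constructed sample: approved build 1.0 + extra code")
        results["modified_hash_only"] = hash_only.decide(hmi)
        results["modified_with_path_rule"] = with_path_rule.decide(hmi)
    return results


if __name__ == "__main__":
    for name, (verdict, reason) in run_demo().items():
        print(f"{name:26} {verdict:5} {reason}")
```

Path rules are therefore only as strong as the write permissions on the directories they trust.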
4.3 Performance Considerations
System Resource Usage: Antimalware continuously scans files, monitors processes, and analyzes behaviors, consuming CPU, memory, and disk I/O. This overhead can impact performance, especially on older hardware or resource-constrained environments. Once configured, whitelisting requires minimal runtime resources because it simply blocks unauthorized execution attempts without scanning or analysis.
Operational Impact: Real-time antimalware scanning can delay file operations, affecting user productivity and application performance. Whitelisting introduces minimal latency because execution decisions are based on simple database lookups rather than complex analysis.
4.4 Administrative Overhead
Initial Implementation: Whitelisting requires significant upfront effort to inventory approved applications, establish baseline configurations, and define policies. Organizations must document legitimate software requirements across diverse user groups and systems. Antimalware deployment is typically simpler—just install agents and configure basic settings.
Ongoing Management: Antimalware demands continuous signature updates, policy refinements, and false-positive investigations. Whitelisting requires change management processes for approving new applications and updates but generates fewer daily alerts once established. The long-term administrative burden often favors whitelisting in stable environments.
4.5 False Positives and Negatives
Antimalware Challenges: Antimalware generates false positives when legitimate software behaves similarly to malware, and false negatives when sophisticated malware evades detection. Both create security gaps—false positives desensitize administrators to alerts while false negatives allow compromise.
Whitelisting Precision: Whitelisting produces false positives mainly during initial implementation when legitimate applications get inadvertently blocked. However, once properly configured, false positives decrease dramatically. False negatives are virtually eliminated because unapproved software simply can’t execute.
4.6 Attack Surface Reduction
Whitelisting fundamentally reduces attack surfaces by limiting executable code to essential applications. This prevents:
• Unauthorized tool installation by attackers
• Exploitation of vulnerable but unnecessary software
• Execution of downloaded malware
• Lateral movement using unauthorized utilities
• Data exfiltration through unapproved applications
Antimalware doesn’t inherently reduce attack surfaces—it tries to protect the entire existing surface through detection and blocking.
5. Implementation Considerations
5.1 Ideal Use Cases for Whitelisting
Whitelisting provides maximum value in environments with:
Critical Infrastructure: Industrial control systems, SCADA networks, and utility management systems benefit enormously from whitelisting because they typically run stable, predictable application sets where unauthorized software poses catastrophic risks.
Financial Systems: Point-of-sale terminals, ATMs, and financial transaction processing systems require high security with minimal change, making them ideal for whitelisting.
Healthcare Devices: Medical devices and healthcare IT systems managing sensitive patient data need protection from ransomware and data breaches while maintaining operational reliability.
Government Networks: Classified systems and sensitive government networks often mandate whitelisting as a baseline security control due to superior protection against advanced threats.
Locked-Down Workstations: Kiosks, shared workstations, and role-specific computers with defined functions benefit from whitelisting’s restrictive approach.
5.2 Challenges and Limitations
Application Diversity: Organizations with diverse, frequently changing software portfolios face significant challenges maintaining current whitelists. Software development environments, creative workstations, and research systems may struggle with whitelisting restrictions.
Shadow IT: Whitelisting effectiveness depends on comprehensive application inventories. Shadow IT—unauthorized applications used without IT knowledge—creates blind spots that complicate implementation.
Update Management: Software updates often change executable hashes, requiring whitelist modifications. Organizations must balance security with operational continuity, developing processes to approve and deploy updates without creating vulnerabilities.
User Resistance: Restrictive security controls can frustrate users accustomed to installing software freely. Successful whitelisting requires change management, user education, and clear justification.
Legacy Applications: Older applications may lack publisher certificates or consistent update mechanisms, complicating whitelist management. Organizations with significant legacy technology may find whitelisting implementation particularly challenging.
5.3 Hybrid Approaches
Many organizations adopt hybrid strategies:
Risk-Based Segmentation: High-security systems use whitelisting while general-purpose workstations rely on antimalware with additional controls. This balances security and usability based on asset criticality.
Layered Defense: Implementing whitelisting as the primary control with antimalware providing backup detection creates defense-in-depth. If approved applications contain vulnerabilities, antimalware may detect exploitation attempts.
Adaptive Policies: Modern endpoint protection platforms offer adaptive policies that automatically whitelist trusted applications while maintaining stricter controls for unknown software, reducing administrative burden while preserving security.
6. Case Studies and Real-World Evidence
6.1 Industrial Control Systems and Operational Technology (OT)
Critical infrastructure operators have successfully implemented whitelisting for SCADA and industrial control networks with impressive results:
• 100% prevention of unauthorized software installation attempts
• Zero successful malware infections over multi-year periods
• Minimal performance impact on real-time control systems
• Simplified compliance with industry regulations (NERC CIP, IEC 62443)
The contrast is stark—properly configured whitelisted environments have avoided malware incidents that compromised control systems relying solely on antimalware.
Why OT Environments Strongly Prefer Whitelisting:
Having worked with several critical infrastructure organizations, I’ve observed that OT environments have unique characteristics making whitelisting not just preferable but often essential:
Deterministic Operations: OT systems perform predictable, repetitive tasks with minimal software changes. A manufacturing line, power distribution system, or water treatment facility runs the same control applications for years. This stability makes whitelisting highly practical—once you establish the baseline, change requests are rare and manageable. I’ve seen facilities where the approved application list hasn’t changed in over three years.
Legacy System Constraints: Many OT environments operate legacy systems running outdated operating systems that simply can’t support modern antimalware. I’ve encountered facilities still running Windows XP or Windows 7 on proprietary industrial equipment. These systems lack the processing power, memory, or vendor support for resource-intensive security software. Whitelisting’s minimal footprint makes it the only viable security option for aging infrastructure that can’t be replaced due to cost or operational requirements.
Real-Time Performance Requirements: OT systems control physical processes with strict timing constraints. A programmable logic controller must respond to sensor inputs within milliseconds to prevent equipment damage or safety incidents. Antimalware scanning introduces unpredictable latency that disrupts real-time operations. Imagine a manufacturing robot pausing mid-operation while antimalware scans a file—it could damage products, equipment, or even injure personnel. Whitelisting imposes negligible performance overhead, making it compatible with hard real-time requirements.
Safety-Critical Nature: OT systems directly control physical processes affecting human safety—power generation, chemical processing, transportation systems, medical devices. Security failures extend beyond data loss to potential loss of life. Whitelisting’s superior threat prevention is essential when failures have catastrophic consequences. The Triton/TRISIS malware attack targeting safety instrumented systems in 2017 showed that adversaries actively target safety systems, making prevention through whitelisting critical.
Air-Gapped and Isolated Networks: Many OT networks operate air-gapped from enterprise IT networks for security. This isolation prevents regular antimalware signature updates, rendering signature-based protection obsolete within days. Whitelisting functions effectively without external connectivity because it doesn’t require signature updates—approved applications remain approved regardless of internet access.
Extended System Lifecycles: OT assets often operate for 15-25 years, far exceeding IT equipment lifecycles. A turbine control system installed today may still run in 2050. Antimalware becomes obsolete as vendors discontinue support, but whitelisting remains effective throughout the system’s operational life because it doesn’t depend on external threat intelligence or vendor updates.
Vendor Support Limitations: OT equipment vendors often void warranties if unauthorized software, including some antimalware products, is installed. Additionally, many vendors don’t test their systems with antimalware agents, creating uncertainty about compatibility. Whitelisting can be implemented at the operating system level without vendor-specific concerns, and vendors increasingly certify whitelisting solutions for their equipment.
Regulatory Compliance Mandates: Industry-specific regulations increasingly mandate whitelisting for OT. NERC CIP standards for electric utilities, FDA guidance for medical devices, and nuclear regulatory requirements specifically recommend or require application control. Compliance pressures drive whitelisting adoption even where security teams might have preferred other approaches.
Known Attack Patterns: High-profile OT attacks—Stuxnet (2010), BlackEnergy (2015), Industroyer/CrashOverride (2016), and EKANS ransomware (2020)—all involved unauthorized code execution on control systems. Whitelisting would have prevented these attacks by blocking unauthorized executables regardless of sophistication. The OT security community has learned from these incidents that prevention through whitelisting beats attempting to detect increasingly sophisticated malware.
Convergence Risk Management: As OT networks increasingly connect to IT systems for data analytics and remote monitoring, the attack surface expands. Whitelisting provides a defensive barrier preventing IT-originated malware from executing in OT environments, even if attackers breach the IT/OT boundary. This protection is crucial as convergence accelerates and traditional air-gaps are bridged.
The combination of these factors makes whitelisting the preferred—and often only practical—security control for OT environments. While enterprise IT may debate the trade-offs between whitelisting and antimalware, OT security professionals have reached consensus that whitelisting is essential for protecting critical infrastructure.
6.2 Healthcare Sector
Healthcare organizations implementing whitelisting for medical devices and patient data systems report:
• Significant reduction in ransomware infections
• Prevention of cryptomining malware on medical imaging systems
• Improved regulatory compliance (HIPAA, HITECH)
• Protection of legacy medical devices unable to run modern antimalware
Healthcare faces unique challenges with medical device whitelisting due to vendor support limitations and regulatory constraints, yet successful implementations demonstrate substantial security improvements.
6.3 Financial Services
Financial institutions using whitelisting for transaction processing and customer-facing systems achieve:
• Elimination of point-of-sale malware infections
• Prevention of ATM jackpotting attacks
• Reduced PCI DSS compliance complexity
• Enhanced customer trust through demonstrated security
Financial sector case studies consistently show that whitelisting provides more reliable protection for high-value transaction systems than antimalware alone.
6.4 Government and Defense
Government agencies mandating whitelisting for classified and sensitive systems document:
• Successful prevention of advanced persistent threat compromise attempts
• Compliance with stringent security frameworks (NIST 800-53, CMMC)
• Reduced incident response costs through prevention rather than detection
• Enhanced security posture for national security systems
Government implementations often combine whitelisting with additional controls, creating multilayered security appropriate for high-threat environments.
7. Discussion
7.1 Paradigm Shift: Prevention vs. Detection
The fundamental distinction between whitelisting and antimalware represents a broader philosophical debate in cybersecurity: prevention versus detection. Antimalware embodies the detection paradigm, trying to identify and respond to threats. Whitelisting represents prevention, eliminating threats before they materialize.
Modern security thinking increasingly favors prevention where practical. CISA and other authoritative bodies recommend preventive controls as more cost-effective than detective controls, which require ongoing monitoring, analysis, and response.
7.2 Total Cost of Ownership
While whitelisting requires higher initial investment for implementation and policy development, total cost of ownership often favors whitelisting over time:
Antimalware Costs:
• License fees (often subscription-based)
• Signature update infrastructure
• Performance impact on hardware lifecycle
• False positive investigation time
• Incident response for missed detections
• Data breach costs from successful attacks
Whitelisting Costs:
• Initial policy development and baseline creation
• Change management process overhead
• Occasional policy updates for approved software
• Lower incident response costs due to fewer successful attacks
• Reduced breach probability and associated costs
Organizations with stable application environments typically realize cost savings from whitelisting within 2-3 years, primarily through avoided breach costs and reduced security operations workload.
7.3 Regulatory and Compliance Implications
Regulatory frameworks increasingly recognize whitelisting’s security advantages:
• NIST Special Publication 800-167 provides specific guidance on application whitelisting
• PCI DSS 4.0 recommends whitelisting for protecting payment card data
• NERC CIP standards for critical infrastructure include whitelisting requirements
• CMMC for defense contractors emphasizes application control
Compliance with these frameworks often justifies whitelisting implementation, as regulatory pressure accelerates adoption beyond purely security-driven decisions.
7.4 Future Trends
Several trends suggest increasing whitelisting relevance:
Zero Trust Architecture: Zero trust principles align naturally with whitelisting’s default-deny posture. As organizations adopt zero trust frameworks, whitelisting becomes a logical endpoint control mechanism.
Cloud and Container Security: Container environments with immutable infrastructure benefit significantly from whitelisting, where only approved container images can execute.
Artificial Intelligence Integration: AI-enhanced whitelisting systems can automatically categorize applications, predict approval patterns, and reduce administrative overhead while maintaining security.
Integration with EDR: Modern endpoint detection and response platforms increasingly incorporate whitelisting capabilities alongside traditional antimalware, recognizing the complementary value of both approaches.
8. Recommendations
8.1 Strategic Recommendations
Based on this analysis, I recommend:
1. Prioritize whitelisting for critical systems: Organizations should implement whitelisting for mission-critical systems, industrial control networks, financial transaction systems, and any environment where unauthorized software poses unacceptable risks.
2. Adopt risk-based approaches: Not all systems require identical security controls. Classify assets by criticality and apply whitelisting where it provides maximum risk reduction relative to implementation costs.
3. Implement hybrid strategies: Combine whitelisting and antimalware in layered defense architectures, using each where it provides optimal value.
4. Invest in change management: Successful whitelisting requires robust change management processes, user education, and executive support to overcome implementation challenges.
5. Leverage modern platforms: Utilize endpoint protection platforms offering integrated whitelisting and antimalware capabilities, reducing management complexity through unified consoles.
8.2 Implementation Best Practices
Organizations implementing whitelisting should:
1. Start with pilot deployments: Begin with stable, well-understood systems to develop experience and refine processes before broader rollout.
2. Conduct thorough application inventory: Comprehensive baseline documentation is essential. Incomplete inventories lead to operational disruptions and user frustration.
3. Establish exception processes: Define clear procedures for approving new applications and emergency exceptions while maintaining security standards.
4. Monitor and audit: Continuously review blocked execution attempts to identify legitimate requirements and potential security incidents.
5. Communicate extensively: Transparent communication with stakeholders about whitelisting rationale, processes, and benefits reduces resistance and improves compliance.
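One way to carry out the review in step 4, shown as an added example rather than the output of any product: blocked execution attempts are grouped by file hash and sorted into changed approved applications (the update case from 5.2), files in user-writable locations, and uninventoried software. The log layout, hash placeholders, host and user names, category names, review order, and the list of user-writable markers are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. The "timestamp|host|user|path|sha256" layout and the
# short hash placeholders are assumptions; real products use their own formats.
BLOCK_LOG = r"""
2025-03-02T08:14:11Z|hmi-01|op1|C:\Program Files\Vendor\hmi.exe|hash-hmi-v2
2025-03-02T08:15:40Z|hmi-02|op2|C:\Program Files\Vendor\hmi.exe|hash-hmi-v2
2025-03-02T09:02:05Z|eng-07|jdoe|C:\Users\jdoe\Downloads\setup.exe|hash-setup
2025-03-02T09:30:00Z|eng-07|jdoe|C:\Tools\plotter.exe|hash-plotter
2025-03-02T09:31:12Z|eng-09|asmith|C:\Tools\plotter.exe|hash-plotter
truncated line without enough fields
"""

# Approved inventory: lower-cased path -> approved hash (constructed).
APPROVED = {r"c:\program files\vendor\hmi.exe": "hash-hmi-v1"}

# Locations ordinary users can usually write to (assumed list, tune per site).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\")

# Review order is an assumption: changed approved files are checked first.
PRIORITY = {
    "CHANGED_APPROVED_APP": 0,
    "USER_WRITABLE_LOCATION": 1,
    "UNINVENTORIED_APP": 2,
}


def parse_line(line):
    """Return an event dict, or None when the line does not have five fields."""
    fields = line.split("|")
    if len(fields) != 5:
        return None
    timestamp, host, user, path, digest = (f.strip() for f in fields)
    return {"time": timestamp, "host": host, "user": user,
            "path": path, "sha256": digest.lower()}


def classify(event, approved):
    """Assign one blocked event to a review category."""
    path = event["path"].lower()
    expected = approved.get(path)
    if expected is not None and expected != event["sha256"]:
        # Approved path, different content: pending update or tampering.
        return "CHANGED_APPROVED_APP"
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        return "USER_WRITABLE_LOCATION"
    return "UNINVENTORIED_APP"


def triage(log_text, approved):
    """Group blocked events by (category, hash); return (rows, skipped_lines)."""
    groups = defaultdict(lambda: {"hosts": set(), "paths": set(), "events": 0})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1  # keep a count so malformed input is not silently lost
            continue
        group = groups[(classify(event, approved), event["sha256"])]
        group["hosts"].add(event["host"])
        group["paths"].add(event["path"])
        group["events"] += 1
    rows = [
        {"category": category, "sha256": digest, "hosts": sorted(g["hosts"]),
         "paths": sorted(g["paths"]), "events": g["events"]}
        for (category, digest), g in groups.items()
    ]
    # Within a category, hashes blocked on more hosts come first.
    rows.sort(key=lambda r: (PRIORITY[r["category"]], -len(r["hosts"]), r["sha256"]))
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = triage(BLOCK_LOG, APPROVED)
    for row in rows:
        print(row["category"], row["sha256"], row["events"], ",".join(row["hosts"]))
    print("unparsed lines:", skipped)
```

A `CHANGED_APPROVED_APP` row is resolved against the change record: an approved update leads to an inventory change, and anything else is handled as a potential incident.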
8.3 When Antimalware Remains Appropriate
Antimalware remains the optimal primary control for:
• Development and test environments requiring software flexibility
• General-purpose workstations with diverse software needs
• Systems supporting creative or research work
• Environments lacking resources for whitelisting management
• Organizations with high application turnover
Even in these scenarios, organizations should consider supplementary controls like application reputation systems, behavior monitoring, and network segmentation to compensate for antimalware limitations.
9. Conclusion
This research demonstrates that application whitelisting provides superior security outcomes compared to traditional antimalware, particularly for protecting critical systems against modern cyber threats. Whitelisting’s default-deny posture offers inherent protection against zero-day exploits, polymorphic malware, and sophisticated attacks that routinely evade signature-based detection.
The fundamental advantages of whitelisting include:
• Proactive threat prevention rather than reactive detection
• Elimination of zero-day vulnerability windows
• Reduced attack surfaces through execution restrictions
• Minimal false negatives compared to detection-based approaches
• Lower performance overhead in operational environments
• Enhanced regulatory compliance alignment
However, whitelisting isn’t universally optimal. Implementation complexity, administrative overhead, and operational restrictions make it most appropriate for stable environments with well-defined application requirements. Organizations must carefully evaluate their risk profiles, operational needs, and available resources when choosing security strategies.
The ideal approach for most organizations combines whitelisting for critical systems with antimalware for general-purpose environments, creating defense-in-depth that leverages each technology’s strengths. As threat landscapes continue evolving and zero-day attacks become increasingly common, the security community’s shift toward preventive controls like whitelisting represents sound strategic thinking.
Organizations that prioritize security for high-value assets should implement whitelisting as a foundational control, accepting the implementation challenges in exchange for dramatically improved security outcomes. The question isn’t whether whitelisting is superior to antimalware for critical systems—the evidence clearly supports this—but rather how organizations can overcome implementation barriers to realize whitelisting’s substantial security benefits.
Future research should explore AI-enhanced whitelisting automation, integration with zero trust architectures, and quantitative risk modeling comparing security outcomes across different control strategies. As whitelisting adoption increases, additional longitudinal studies will provide valuable insights into long-term effectiveness and total cost of ownership across diverse organizational contexts.
References
1. National Institute of Standards and Technology. (2019). Guide to Application Whitelisting (NIST Special Publication 800-167). U.S. Department of Commerce.
2. Cybersecurity and Infrastructure Security Agency. (2023). Application Whitelisting Best Practices. Department of Homeland Security.
3. Gartner Research. (2024). Market Guide for Endpoint Protection Platforms. Gartner Inc.
4. International Society of Automation. (2022). Security for Industrial Automation and Control Systems (ISA/IEC 62443 Series).
5. Payment Card Industry Security Standards Council. (2024). Payment Card Industry Data Security Standard v4.0.
6. North American Electric Reliability Corporation. (2023). Critical Infrastructure Protection Standards (NERC CIP-007-6).
7. AV-TEST Institute. (2024). Annual Malware Statistics Report. AV-TEST GmbH.
8. Verizon. (2024). Data Breach Investigations Report. Verizon Enterprise Solutions.
9. Ponemon Institute. (2024). Cost of a Data Breach Report. IBM Security.
10. Mandiant. (2024). M-Trends: Annual Threat Report. Google Cloud.
11. SANS Institute. (2023). Critical Security Controls Version 8. Center for Internet Security.
12. Microsoft Security. (2024). Digital Defense Report. Microsoft Corporation.
13. Forrester Research. (2024). The Forrester Wave: Endpoint Security Suites. Forrester Research Inc.
14. European Union Agency for Cybersecurity. (2023). Good Practices for Security of Industrial Control Systems. ENISA.
15. Industrial Control Systems Cyber Emergency Response Team. (2024). Recommended Practices. CISA ICS-CERT.
Author Information
Authors: Día Fayyad dia.fayyad@gmail.com; www.linkedin.com/in/diafayyad
Affiliations: Cybersecurity Department, Saudi Aramco; Jordanian Engineers Association, Saudi Council of Engineers
Conflict of Interest Statement: The author declares no conflicts of interest related to this research.