{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T03:16:55Z","timestamp":1773371815021,"version":"3.50.1"},"reference-count":143,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T00:00:00Z","timestamp":1763683200000},"content-version":"vor","delay-in-days":324,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000266","name":"EPSRC","doi-asserted-by":"publisher","award":["EP\/R006865\/1"],"award-info":[{"award-number":["EP\/R006865\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The problem of maintaining organizational resilience in the face of ransomware attacks represents an important issue for modern organizations. Organizational networks and IT infrastructure have become increasingly complex, and it is often unclear how decisions about technology, policy, and recovery strategy will impact resilience. In this context, the paper focuses on two primary objectives. First, to offer security decision-makers a way of better understanding the impact of deploying different recovery solutions at organizational level by means of simulation modelling and comparative analysis of solutions. Second, to illustrate the suitability and benefits of using semantically justified, compositional system models together with a rigorously defined codesign model-construction methodology, in a complex scenario. Our choice of organizational recovery as modelling target is motivated through both form and complexity, allowing for illustrating the model conceptualization and construction methodology in a sufficiently rich context. We conceptualize the ransomware behaviour, organizational structure, IT infrastructure, and recovery choices and behaviour based on literature surveys and expert knowledge. Then, construct a modular, simulation model representing a generic target organization using our codesign approach. We execute the model over 9000 different parameter configurations, totalling an amount of 450\u2009000 iterations. We analyse the results, both in three specific scenarios deemed organizationally relevant and at the general level\u2014through sensitivity analysis\u2014and, exemplify possible ways in which the model can help inform decision-makers about their possible recovery choices.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf035","type":"journal-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:16:59Z","timestamp":1763738219000},"source":"Crossref","is-referenced-by-count":1,"title":["Modelling and simulating organizational ransomware recovery: structure, methodology, and decisions"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5424-5375","authenticated-orcid":false,"given":"Marius-Constantin","family":"Ilau","sequence":"first","affiliation":[{"name":"UCL Department of Computer Science, , Gower St. , London WC1E 6BT,","place":["United Kingdom"]}]},{"given":"Adrian","family":"Baldwin","sequence":"additional","affiliation":[{"name":"HP Security Lab, HP Inc. , 1 Redcliffe St. , Bristol BS1 6NP,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7039-6472","authenticated-orcid":false,"given":"Tristan","family":"Caulfield","sequence":"additional","affiliation":[{"name":"UCL Department of Computer Science, , Gower St. , London WC1E 6BT,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6504-5838","authenticated-orcid":false,"given":"David","family":"Pym","sequence":"additional","affiliation":[{"name":"UCL Department of Computer Science, , Gower St. , London WC1E 6BT,","place":["United Kingdom"]},{"name":"Institute of Philosophy, University of London , Malet St. , London WC1E 6HU,","place":["United Kingdom"]},{"name":"UCL Department of Philosophy, , Gower St. , London WC1E 6BT,","place":["United Kingdom"]}]}],"member":"286","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"2025112110165190400_bib1","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1007\/978-3-030-97124-3_22","article-title":"Meta-modelling for ecosystems security","volume-title":"Proceedings of the International Conference on Simulation Tools and Techniques","author":"Caulfield","year":"2022"},{"key":"2025112110165190400_bib2","first-page":"108","article-title":"Found in translation: co-design for security modelling","volume-title":"Proceedings of the\u00a011th STAST 2021","author":"Caulfield","year":"2021"},{"key":"2025112110165190400_bib3","doi-asserted-by":"crossref","first-page":"284","DOI":"10.1007\/978-3-030-97124-3_23","article-title":"Modelling organizational recovery","volume-title":"Simulation Tools and Techniques: 13th EAI International Conference, SIMUtools 2021, Virtual Event, November 5-6, 2021, Proceedings","author":"Baldwin","year":"2022"},{"key":"2025112110165190400_bib4","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1137\/141000671","article-title":"Julia: a fresh approach to numerical computing","volume":"59","author":"Bezanson","year":"2017","journal-title":"SIAM Rev"},{"key":"2025112110165190400_bib5","first-page":"6","article-title":"A\u2019conceptual models\u2019 approach to organisational resilience","volume":"25","author":"Gibson","year":"2010","journal-title":"Aust J Emer Manag"},{"key":"2025112110165190400_bib6","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1016\/j.ejor.2018.10.020","article-title":"Resilience in information stewardship","volume":"274","author":"Ioannidis","year":"2019","journal-title":"Eur J Oper Res"},{"key":"2025112110165190400_bib7","first-page":"10","article-title":"Ransomware: evolution, mitigation and prevention","volume":"13","author":"Richardson","year":"2017","journal-title":"Int Manage Rev"},{"key":"2025112110165190400_bib8","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1049\/iet-net.2017.0207","article-title":"Evolution of ransomware","volume":"7","author":"O\u2019Kane","year":"2018","journal-title":"IET Netw"},{"key":"2025112110165190400_bib9","article-title":"A survey on ransomware: evolution, taxonomy, and defense solutions","author":"Oz","year":"2021"},{"key":"2025112110165190400_bib10","article-title":"Internet organised crime threat assessment","author":"Europol","year":"2020"},{"key":"2025112110165190400_bib11","article-title":"2019 Internet Crime Report","author":"FBI","year":"2020"},{"key":"2025112110165190400_bib12","article-title":"Cyber Security Breaches Survey 2020","author":"UK Government","year":"2020"},{"key":"2025112110165190400_bib13","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1108\/ICS-05-2018-0060","article-title":"Impact of cyberattacks on stock performance: a comparative study","volume":"26","author":"Tweneboah-Kodua","year":"2018","journal-title":"Inform Comput Secur"},{"key":"2025112110165190400_bib14","doi-asserted-by":"crossref","first-page":"tyaa023","DOI":"10.1093\/cybsec\/tyaa023","article-title":"An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability","volume":"6","author":"Yuryna\u00a0Connolly","year":"2020","journal-title":"J Cybersecur"},{"key":"2025112110165190400_bib15","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1109\/MITP.2017.3680961","article-title":"Do crypto-currencies fuel ransomware?","volume":"19","author":"Kshetri","year":"2017","journal-title":"IT Profess"},{"key":"2025112110165190400_bib16","first-page":"259","article-title":"Meta-modelling for ecosystems security","volume-title":"Proceedings of the 13th SIMUtools 2021","author":"Caulfield","year":"2021"},{"key":"2025112110165190400_bib17","volume-title":"Arms and Influence","author":"Schelling","year":"2008"},{"key":"2025112110165190400_bib18","volume-title":"Bombing to Win","author":"Pape","year":"2014"},{"key":"2025112110165190400_bib19","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1016\/j.techfore.2012.07.002","article-title":"The cybercrime ecosystem: online innovation in the shadows?","volume":"80","author":"Kraemer-Mbula","year":"2013","journal-title":"Technol Forecast Soc Change"},{"key":"2025112110165190400_bib20","doi-asserted-by":"publisher","first-page":"1180","DOI":"10.1016\/j.clsr.2018.08.005","article-title":"The contemporary cybercrime ecosystem: a multi-disciplinary overview of the state of affairs and developments","volume":"34","author":"Broadhead","year":"2018","journal-title":"Comput Law Secur Rev"},{"key":"2025112110165190400_bib21","article-title":"Citadel trojan malware analysis","author":"Milletary","year":"2012"},{"key":"2025112110165190400_bib22","article-title":"Inside a Reveton Ransomware Operation","author":"Krebs","year":"2012"},{"key":"2025112110165190400_bib23","article-title":"Europol Takes Down Ransomware Gang in Spain, UAE","author":"Mimoso","year":"2013"},{"key":"2025112110165190400_bib24","article-title":"Inside the blackhole","author":"Szappanos","year":"2012"},{"key":"2025112110165190400_bib25","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1109\/InfoSec.2015.7435501","article-title":"Exploit Kits: the production line of the cybercrime economy?","volume-title":"Proceedings of the\u00a02015 second international conference on Information Security and Cyber Forensics (InfoSec)","author":"Hopkins","year":"2015"},{"key":"2025112110165190400_bib26","article-title":"Trojan: Android Koler","author":"F-Secure","year":"2013"},{"key":"2025112110165190400_bib27","article-title":"What is zeus?","author":"Wyke","year":"2011"},{"key":"2025112110165190400_bib28","article-title":"Hackers publish private photos from cosmetic surgery clinic","author":"Hearn","year":"2017"},{"key":"2025112110165190400_bib29","first-page":"82","article-title":"Double-extortion ransomware: a technical analysis of maze ransomware","volume-title":"Proceedings of the Future Technologies Conference","author":"Kerns","year":"2021"},{"key":"2025112110165190400_bib30","doi-asserted-by":"publisher","first-page":"53","DOI":"10.14421\/ijid.2021.2423","article-title":"Analysis of Conti ransomware attack on computer network with live forensic method","volume":"10","author":"Umar","year":"2021","journal-title":"Int J Inform Devel"},{"key":"2025112110165190400_bib31","article-title":"Shining a Light on DARKSIDE Ransomware Operations","author":"Nuce","year":"2021"},{"key":"2025112110165190400_bib32","article-title":"Allied Universal Breached by Maze Ransomware, Stolen Data Leaked","author":"Abrams","year":"2019"},{"key":"2025112110165190400_bib33","article-title":"JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data","author":"Abrams","year":"2021"},{"key":"2025112110165190400_bib34","first-page":"3","article-title":"The Conti Ransomware attack on healthcare in Ireland: exploring the impacts of a cybersecurity breach from a nursing perspective","volume":"16","author":"Moran\u00a0Stritch","year":"2021","journal-title":"Can J Nurs Inform"},{"key":"2025112110165190400_bib35","first-page":"160","article-title":"Cybersecurity, Ransomware attacks and health: exploring the public health implications of the recent cyberattack on Ireland\u2019s health service","volume":"29","author":"Houghton","year":"2021","journal-title":"Medicina Internacia Revuo"},{"key":"2025112110165190400_bib36","article-title":"US pipeline hack to make ransomware risks a priority","author":"Analytica","year":"2021"},{"key":"2025112110165190400_bib37","article-title":"The colonial pipeline hack: exposing vulnerabilities in UScybersecurity","author":"Hobbs","year":"2021"},{"key":"2025112110165190400_bib38","first-page":"73","article-title":"Saudi Arabia\u2019s response to cyber conflict: a case study of the Shamoon malware incident","volume-title":"Proceedings of the 2013 IEEE International Conference on Intelligence and Security Informatics","author":"Dehlawi","year":"2013"},{"key":"2025112110165190400_bib39","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1080\/00396338.2013.784468","article-title":"The cyber attack on Saudi Aramco","volume":"55","author":"Bronk","year":"2013","journal-title":"Survival"},{"key":"2025112110165190400_bib40","article-title":"Destructive malware targeting Ukrainian organizations","author":"Microsoft","year":"2022"},{"key":"2025112110165190400_bib41","article-title":"Destructive Malware Targeting Organizations in Ukraine","author":"CISA","year":"2022"},{"key":"2025112110165190400_bib42","article-title":"Overview of the 9 Distinct Data Wipers Used in the Ukraine War","author":"GROUP","year":"2022"},{"key":"2025112110165190400_bib43","article-title":"What is ransomware","author":"Dansimp","year":"2022"},{"key":"2025112110165190400_bib44","article-title":"MITRE ATT&CK Matrix for Enterprise","author":"ATT&CK","year":"2015"},{"key":"2025112110165190400_bib45","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/s10270-021-00898-7","article-title":"Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix","volume":"21","author":"Xiong","year":"2022","journal-title":"Softw Syst Model"},{"key":"2025112110165190400_bib46","article-title":"Updated Kaseya ransomware attack FAQ: what we know now","author":"Charlie","year":"2021"},{"key":"2025112110165190400_bib47","article-title":"CISA-FBI guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware","author":"FBI","year":"2021"},{"key":"2025112110165190400_bib48","article-title":"Up to 1,500 businesses affected by ransomware attack, U.S. firm\u2019s CEO says","author":"Raphael","year":"2021"},{"key":"2025112110165190400_bib49","article-title":"What is Ransomware as a Service (RaaS)? The Dangerous Threat to World Security","author":"Edward","year":"2022"},{"key":"2025112110165190400_bib50","article-title":"The new generation of ransomware: an in depth study of Ransomware-as-a-Service","author":"Keijzer","year":"2020"},{"key":"2025112110165190400_bib51","first-page":"92","article-title":"A survey of ransomware as a service (RaaS) and methods to mitigate the attack","volume-title":"Proceedings of the\u00a02021 14th International Conference on Developments in eSystems Engineering (DeSE)","author":"Alwashali","year":"2021"},{"key":"2025112110165190400_bib52","doi-asserted-by":"publisher","first-page":"101762","DOI":"10.1016\/j.cose.2020.101762","article-title":"The Ransomware-as-a-Service economy within the darknet","volume":"92","author":"Meland","year":"2020","journal-title":"Comput Secur"},{"key":"2025112110165190400_bib53","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ICBC48266.2020.9169451","article-title":"Ransomware as a service using smart contracts and IPFS","volume-title":"2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)","author":"Karapapas","year":"2020"},{"key":"2025112110165190400_bib54","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1109\/SECPRI.1996.502676","article-title":"Cryptovirology: extortion-based security threats and countermeasures","volume-title":"Proceedings of the 1996 IEEE Conference on Security and Privacy. SP\u201996","author":"Young","year":"1996"},{"key":"2025112110165190400_bib55","first-page":"23","article-title":"Some new approaches for modelling large-scale worm spreading on the Internet. II","volume":"27","author":"Iliev","year":"2019","journal-title":"Neur Parallel Sci Comput"},{"key":"2025112110165190400_bib56","first-page":"34","article-title":"Educational exploiting the information resources and invading the security mechanisms of the operating system Windows 7 with the exploit Eternalblue and Backdoor Doublepulsar","volume":"14","author":"Boyanov","year":"2018","journal-title":"Assoc Sci Appl Res"},{"key":"2025112110165190400_bib57","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2019.01.002","article-title":"A survey on malware analysis and mitigation techniques","volume":"32","author":"Chakkaravarthy","year":"2019","journal-title":"Comput Sci Rev"},{"key":"2025112110165190400_bib58","article-title":"Malware Lateral Movement: A Primer","author":"Chad","year":"2015"},{"key":"2025112110165190400_bib59","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-319-30070-2_9","article-title":"Robustness to malware reinfections","volume-title":"Anti-fragile ICT Systems","author":"Hole","year":"2016"},{"key":"2025112110165190400_bib60","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.procs.2020.08.010","article-title":"Malware persistence mechanisms","volume":"176","author":"Gittins","year":"2020","journal-title":"Proc Comp Sci"},{"key":"2025112110165190400_bib61","article-title":"Methods of malware persistence on Mac OS X","author":"Wardle","year":"2014"},{"key":"2025112110165190400_bib62","first-page":"3","article-title":"Persistence in linux-based IoT malware","volume-title":"Proceedings of the\u00a0Nordic Conference on Secure IT Systems","author":"Brierley","year":"2020"},{"key":"2025112110165190400_bib63","article-title":"NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery","author":"Shaun","year":"2017"},{"key":"2025112110165190400_bib64","article-title":"The anatomy of a ransomware attack","author":"Vynck","year":"2021"},{"key":"2025112110165190400_bib65","article-title":"Emotet Malware","author":"CISA","year":"2017"},{"key":"2025112110165190400_bib66","article-title":"Emotet Evolves With new Wi-Fi Spreader","author":"Binary Defense","year":"2020"},{"key":"2025112110165190400_bib67","volume-title":"The Incident Handlers Handbook","author":"Kral","year":"2012"},{"key":"2025112110165190400_bib68","volume-title":"SANS 2019 Incident Response(IR) Survey: It\u2019s Time for a Change","author":"Bromiley","year":"2012"},{"key":"2025112110165190400_bib69","article-title":"Maersk CISO Says NotPeyta Devastated Several Unnamed US firms","author":"Eric Parizo","year":"2019"},{"key":"2025112110165190400_bib70","article-title":"Protecting file systems: a survey of backup techniques","author":"Chervenak","year":"1998"},{"key":"2025112110165190400_bib71","article-title":"A survey of cooperative backup mechanisms","author":"Killijian","year":"2006"},{"key":"2025112110165190400_bib72","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4842-1827-3","volume-title":"Windows Installation and Update Troubleshooting","author":"Rhodes","year":"2016"},{"key":"2025112110165190400_bib73","article-title":"Microsoft Deployment Toolkit","author":"Microsoft","year":"2021"},{"key":"2025112110165190400_bib74","article-title":"Deploy Windows 10 using PXE and Configuration Manager","author":"Microsoft","year":"2021"},{"key":"2025112110165190400_bib75","article-title":"Apply features and settings on your devices using device profiles in Microsoft Intune","author":"Microsoft","year":"2020"},{"key":"2025112110165190400_bib76","article-title":"Overview of Windows Autopilot","author":"Microsoft","year":"2021"},{"key":"2025112110165190400_bib77","article-title":"Windows Recovery Environment (Windows RE)","author":"Microsoft","year":"2017"},{"key":"2025112110165190400_bib78","article-title":"HP SureRecover","author":"HP","year":"2021"},{"key":"2025112110165190400_bib79","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4899-6685-8","volume-title":"Demos\u2014Discrete Event Modelling on Simula","author":"Birtwistle","year":"1979"},{"key":"2025112110165190400_bib80","article-title":"SysModels Julia Package","author":"[blinded]","year":"2021"},{"key":"2025112110165190400_bib81","first-page":"e3","article-title":"Modelling and simulating systems security policy","volume-title":"Proceedings of the 8th International Conference on Simulation Tools and Techniques","author":"Caulfield","year":"2015"},{"key":"2025112110165190400_bib82","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1109\/MSP.2015.97","article-title":"Improving security policy decisions with models","volume":"13","author":"Caulfield","year":"2015","journal-title":"IEEE Secur Priv"},{"key":"2025112110165190400_bib83","volume-title":"A Discipline of Mathematical Systems Modelling","author":"Collinson","year":"2012"},{"key":"2025112110165190400_bib84","article-title":"Economic methods and decision making by security professionals","volume-title":"Economics of Information Security and Privacy III","author":"Baldwin","year":"2012"},{"key":"2025112110165190400_bib85","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/ACSAC.2008.42","article-title":"Analysing the performance of security solutions to reduce vulnerability exposure window","author":"Beres","year":"2008","journal-title":"Proceedings of the\u00a02008 Annual Computer Security Applications Conference (ACSAC)"},{"key":"2025112110165190400_bib86","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1109\/NOMSW.2010.5486590","article-title":"Decision support for systems security investment","author":"Beresnevichiene","year":"2010","journal-title":"Proceedings of the\u00a02010 IEEE\/IFIP Network Operations and Management Symposium Workshops"},{"key":"2025112110165190400_bib87","article-title":"Security Analytics","author":"Hewlett-Packard\u00a0Laboratories","year":"2011"},{"key":"2025112110165190400_bib88","first-page":"8","article-title":"Bigraphs as a model for mobile interaction (invited paper)","volume-title":"Proceedings of the\u00a0ICGT 2002, First International Conference on Graph Transformation. Vol. 2505 of LNCS","author":"Milner","year":"2002"},{"key":"2025112110165190400_bib89","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511626661","volume-title":"The Space and Motion of Communicating Agents","author":"Milner","year":"2009"},{"key":"2025112110165190400_bib90","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/0304-3975(83)90114-7","article-title":"Calculi for Synchrony and Asynchrony","volume":"25","author":"Milner","year":"1983","journal-title":"Theor Comput Sci"},{"key":"2025112110165190400_bib91","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-10235-3","volume-title":"A Calculus of Communicating Systems","author":"Milner","year":"1980"},{"key":"2025112110165190400_bib92","volume-title":"Communicating Sequential Processes","author":"Hoare","year":"1985"},{"key":"2025112110165190400_bib93","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1016\/0304-3975(85)90093-3","article-title":"Higher-level synchronising devices in Meije-SCCS","volume":"37","author":"de\u00a0Simone","year":"1985","journal-title":"Theor Comput Sci"},{"key":"2025112110165190400_bib94","volume-title":"Communicating and Mobile Systems: The \u03c0-Calculus","author":"Milner","year":"1999"},{"key":"2025112110165190400_bib95","doi-asserted-by":"publisher","first-page":"215","DOI":"10.2307\/421090","article-title":"The logic of bunched implications","volume":"5","author":"O\u2019Hearn","year":"1999","journal-title":"Bull Symbol Logic"},{"key":"2025112110165190400_bib96","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1016\/j.tcs.2003.11.020","article-title":"Possible worlds and resources: the semantics of BI","volume":"315","author":"Pym","year":"2004","journal-title":"Theor Comput Sci"},{"key":"2025112110165190400_bib97","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1017\/S0960129505004858","article-title":"The semantics of BI and resource tableaux","volume":"15","author":"Galmiche","year":"2005","journal-title":"Math Struct Comput Sci"},{"key":"2025112110165190400_bib98","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/3326938.3326940","article-title":"Resource semantics: logic as a modelling technology","volume":"6","author":"Pym","year":"2019","journal-title":"ACM SIGLOG News"},{"key":"2025112110165190400_bib99","article-title":"A structural approach to operational semantics","author":"Plotkin","year":"1981"},{"key":"2025112110165190400_bib100","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/j.tcs.2015.11.035","article-title":"A calculus and logic of bunched resources and processes","volume":"614","author":"Anderson","year":"2016","journal-title":"Theor Comput Sci"},{"key":"2025112110165190400_bib101","volume-title":"A Discipline of Mathematical Systems Modelling","author":"Collinson","year":"2011"},{"key":"2025112110165190400_bib102","first-page":"e3","article-title":"Semantics for structured systems modelling and simulation","volume-title":"Proceedings of the\u00a0Simutools 2010","author":"Collinson","year":"2010"},{"key":"2025112110165190400_bib103","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1017\/S0960129509990077","article-title":"Algebra and logic for resource-based systems modelling","volume":"19","author":"Collinson","year":"2009","journal-title":"Math Struct Comput Sci"},{"key":"2025112110165190400_bib104","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/3326938.3326940","article-title":"Resource semantics: logic as a modelling technology","volume":"6","author":"Pym","year":"2019","journal-title":"ACM SIGLOG News"},{"key":"2025112110165190400_bib105","first-page":"55","article-title":"Separation logic: a logic for shared mutable data structures","volume-title":"Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science. LICS \u201902","author":"Reynolds","year":"2002"},{"key":"2025112110165190400_bib106","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1007\/978-3-030-97124-3_21","article-title":"Engineering ecosystem models: semantics and pragmatics","volume-title":"Proceedings of the\u00a0International Conference on Simulation Tools and Techniques","author":"Caulfield","year":"2022"},{"key":"2025112110165190400_bib107","first-page":"14","article-title":"BI as an assertion language for mutable data structures","volume-title":"Proceedings of the\u00a0POPL","author":"Ishtiaq","year":"2001"},{"key":"2025112110165190400_bib108","first-page":"1","article-title":"Local reasoning about programs that alter data structures","volume-title":"Proceedings of the 15th International Workshop on Computer Science Logic. CSL \u201901","author":"O\u2019Hearn","year":"2001"},{"key":"2025112110165190400_bib109","doi-asserted-by":"crossref","first-page":"402","DOI":"10.1007\/3-540-45931-6_28","article-title":"A semantic basis for local reasoning","volume-title":"Foundations of Software Science and Computation Structures","author":"Yang","year":"2002"},{"key":"2025112110165190400_bib110","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1016\/j.tcs.2006.12.035","article-title":"Resources, concurrency, and local reasoning","volume":"375","author":"O\u2019Hearn","year":"2007","journal-title":"Theor Comput Sci"},{"key":"2025112110165190400_bib111","doi-asserted-by":"publisher","first-page":"671","DOI":"10.1145\/365813.365819","article-title":"SIMULA: an ALGOL-based simulation language","volume":"9","author":"Dahl","year":"1966","journal-title":"Commun ACM"},{"key":"2025112110165190400_bib112","article-title":"Demos Implementation Guide and Reference Manual","author":"Birtwistle","year":"1981"},{"key":"2025112110165190400_bib113","first-page":"352","article-title":"The PEPA Workbench: a tool to support a process algebra-based approach to performance modelling","volume-title":"Proceedings of the Seventh International Conference on Modelling Techniques and Tools for Computer Performance Evaluation No. 794 in Lecture Notes in Computer Science","author":"Gilmore","year":"1994"},{"key":"2025112110165190400_bib114","article-title":"The Demos2k distribution is part of the Seymour distribution","author":"Demos2k","year":"2001"},{"key":"2025112110165190400_bib115","first-page":"30","article-title":"Stan Ulam, John von Neumann, and the Monte Carlo Method","volume":"15","author":"Eckhardt","year":"1987","journal-title":"Los Alamos Sci"},{"key":"2025112110165190400_bib116","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/978-1-4471-4588-2_3","article-title":"Monte Carlo simulation: the method","volume-title":"The Monte Carlo Simulation Method for System Reliability and Risk Analysis","author":"Zio","year":"2013"},{"key":"2025112110165190400_bib117","volume-title":"Probability","author":"McColl","year":"1995"},{"key":"2025112110165190400_bib118","doi-asserted-by":"publisher","first-page":"1037","DOI":"10.1057\/palgrave.jors.2600946","article-title":"Industrial dynamics","volume":"48","author":"Forrester","year":"1997","journal-title":"J Oper Res Soc"},{"key":"2025112110165190400_bib119","first-page":"152","article-title":"Co-design with communities. A reflection on the literature","volume-title":"Proceedings of the 7th International Development Informatics Association Conference No. 2013","author":"David","year":"2013"},{"key":"2025112110165190400_bib120","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1016\/j.envsoft.2018.08.028","article-title":"Tools and methods in participatory modeling: selecting the right tool for the job","volume":"109","author":"Voinov","year":"2018","journal-title":"Environ Modell Softw"},{"key":"2025112110165190400_bib121","article-title":"Agile software development methods: review and analysis","author":"Abrahamsson","year":"2017"},{"key":"2025112110165190400_bib122","volume-title":"Science and Sanity: An Introduction to Non-Aristotelian Systems and General Semantics","author":"Korzybski","year":"1958"},{"key":"2025112110165190400_bib123","volume-title":"Images de l\u2019organisation","author":"Gareth","year":"2019"},{"key":"2025112110165190400_bib124","first-page":"221","article-title":"Types of metaphors of organisation","volume":"3","author":"Su\u0142kowski","year":"2011","journal-title":"J Intercult Manag"},{"key":"2025112110165190400_bib125","volume-title":"The Toyota Product Development System: Integrating People, Process, and Technology","author":"Morgan","year":"2020"},{"key":"2025112110165190400_bib126","volume-title":"Simulation and Similarity: Using Models to Understand the World","author":"Weisberg","year":"2012"},{"key":"2025112110165190400_bib127","first-page":"214","article-title":"Mechanistic and organic systems","volume-title":"Organizational Behavior","author":"Burns","year":"2015"},{"key":"2025112110165190400_bib128","volume-title":"The Structuring of Organizations","author":"Mintzberg","year":"1979"},{"key":"2025112110165190400_bib129","volume-title":"Key Management Ideas: Thinkers That Changed the Management","author":"Crainer","year":"1993"},{"key":"2025112110165190400_bib130","doi-asserted-by":"publisher","first-page":"176","DOI":"10.2307\/41165273","article-title":"Managing through networks in investment banking","volume":"30","author":"Eccles","year":"1987","journal-title":"Calif Manage Rev"},{"key":"2025112110165190400_bib131","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1002\/(SICI)1097-0266(200003)21:3&lt;203::AID-SMJ102&gt;3.0.CO;2-K","article-title":"Strategic networks","volume":"21","author":"Gulati","year":"2000","journal-title":"Strat Manag J"},{"key":"2025112110165190400_bib132","first-page":"401","article-title":"The network organization in theory and practice","volume":"8","author":"Baker","year":"1992","journal-title":"Class Organ Theor"},{"key":"2025112110165190400_bib133","volume-title":"Image and Logic: A Material Culture of Microphysics","author":"Galison","year":"1997"},{"key":"2025112110165190400_bib134","article-title":"Violin plots explained","author":"Lewinson","year":"2019"},{"key":"2025112110165190400_bib135","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1016\/B978-0-12-802714-1.00013-X","article-title":"Chapter 3 - Early malware diffusion modeling methodologies","volume-title":"Malware Diffusion Models for Wireless Complex Networks","author":"Karyotis","year":"2016"},{"key":"2025112110165190400_bib136","doi-asserted-by":"publisher","first-page":"710","DOI":"10.1016\/j.apm.2009.06.011","article-title":"SEIQRS model for the transmission of malicious objects in computer network","volume":"34","author":"Mishra","year":"2010","journal-title":"Appl Math Modell"},{"key":"2025112110165190400_bib137","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1016\/j.cnsns.2016.07.012","article-title":"Design and analysis of SEIQR worm propagation model in mobile internet","volume":"43","author":"Xiao","year":"2017","journal-title":"Commun Nonl Sci Numer Simul"},{"key":"2025112110165190400_bib138","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.envsoft.2015.01.004","article-title":"A simple and efficient method for global sensitivity analysis based on cumulative distribution functions","volume":"67","author":"Pianosi","year":"2015","journal-title":"Environ Modell Softw"},{"key":"2025112110165190400_bib139","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1016\/j.envsoft.2018.07.019","article-title":"Distribution-based sensitivity analysis from a generic input-output sample","volume":"108","author":"Pianosi","year":"2018","journal-title":"Environ Modell Softw"},{"key":"2025112110165190400_bib140","doi-asserted-by":"publisher","first-page":"104851","DOI":"10.1016\/j.envsoft.2020.104851","article-title":"An effective strategy for combining variance- and distribution-based global sensitivity analysis","volume":"134","author":"Baroni","year":"2020","journal-title":"Environ Modell Softw"},{"key":"2025112110165190400_bib141","first-page":"83","article-title":"Sulla determinazione empirica di una lgge di distribuzione","volume":"4","author":"Kolmogorov","year":"1933","journal-title":"Inst Ital Attuari Giorn"},{"key":"2025112110165190400_bib142","first-page":"3","article-title":"On the estimation of the discrepancy between empirical curves of distribution for two independent samples","volume":"2","author":"Smirnov","year":"1939","journal-title":"Bull Math Univ Moscou"},{"key":"2025112110165190400_bib143","article-title":"Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031","author":"Braue","year":"2022"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf035\/65451383\/tyaf035.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf035\/65451383\/tyaf035.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:17:12Z","timestamp":1763738232000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf035\/8339854"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":143,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf035","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf035"}}