Date of Award


Document Type


Degree Name

Master of Science in Information Systems and Technology


Information and Decision Sciences

First Reader/Committee Chair

Dr William Butler


This project is an analysis of two cyber-attack analysis frameworks and how they may relate to a small business environment. Small businesses suffer significantly from malware attacks like ransomware. This analysis looks at the Cyber Kill Chain framework and the MITRE ATT&CK framework by looking at how each compare when applied to a simple small network and a malware attack. Each framework broke down the cyber-attack differently and by looking at how the frameworks performed within the simplified network provided insights to when small businesses should focus on malware risk reduction. Each framework, despite having different methods of analysis, arrived at similar conclusions about the environment. The role that users play in the environment when it comes to malware prevention becomes evident. The frameworks show the importance of proper user training in malware prevention. In small businesses and other organizations with small budgets investing in user malware awareness may prove a better investment than complicated expensive to buy and expensive to maintain solutions.