The term virus is widely used for one type of malicious code affecting computer systems and networks. Such usage suggests the mental picture of malicious code as a disease infecting computers and implies that information security can use a medical paradigm for protecting against those diseases. In fact, using the concepts of biological systems and models can inform, guide and inspire information security as it seeks to understand, prevent, detect, interdict and counter threats to information assets and systems. The biological approach is especially useful in enabling quantitative risk management and informing management decisions in information security. Statistical analyses are used to evaluate treatment protocols in medicine.