Abstract
As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one that can create gains (or profit). With the role of a capital investment to provide a return on investment, security is a defense against unforeseen losses that cost capital and reduce profitability. In this paper we assess the individual security cost and model our assessment in economic terms. This assessment is vital in determining the cost benefit in applying costly security controls in our systems in general and software in particular.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ben-Itzhak, Y.: Organised cybercrime and payment cards. Card Technology Today 21(2), 10–11 (2009)
Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Proceedings of the Conference on The Future of Software Engineering. ACM, Limerick (2002)
DShield (2006-2010), http://www.dshield.org
Hahn, R.W., Layne-Farrar, A.: The Law and Economics of Software Security, p. 283. Harv. J.L. & Pub., Pol’y (2007)
Jaziar, R.: Understanding Hidden Information Security Threats: The Vulnerability Black Market. Paper presented at the 40th Annual Hawaii International Conference on System Sciences HICSS (2007)
Peisert, S., Bishop, M.: How to Design Computer Security Experiments. In: WG 11.8 International Federation of Information Processing. Springer, Boston (2007)
Scott, M.D.: Tort Liability for Vendors of Insecure Software: Has the Time Finally Come. Md. L. Rev. 67(425) (2007-2008)
Skyrms, B.: The Stag Hunt and the Evolution of Social Structure. Cambridge University Press, Cambridge (2004)
Stolpe, M.: Protection Against Software Piracy: A Study Of Technology Adoption For The Enforcement Of Intellectual Property Rights. Economics of Innovation and New Technology 9(1), 25–52 (2000)
White, D.S.D.: Limiting Vulnerability Exposure through effective Patch Management: threat mitigation through vulnerability remediation. Master of Science Thesis, Department of Computer Science, Rhodes University (2006)
Kolstad, C.D., Mathiesen, L.: Computing Cournot-Nash Equilibria. Operations Research 39, 739–748 (1991)
Kurz, M., Hart, S.: Pareto-Optimal Nash Equilibria Are Competitive in a Repeated Economy. Journal of Economic Theory 28, 320–346 (1982)
Arora, A., Telang, R.: Economics of Software Vulnerability Disclosure. IEEE Security and Privacy 3(1), 20–22 (2005)
Bacon, D.F., Chen, Y., Parkes, D., Rao, M.: A market-based approach to software evolution. Paper presented at the Proceeding of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications (2009)
Cavusoglu, H., Cavusoglu, H., Zhang, J.: Economics of Security Patch Management. In: The Fifth Workshop on the Economics of Information Security, WEIS 2006 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wright, C.S., Zia, T.A. (2011). Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-21323-6_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6
eBook Packages: Computer ScienceComputer Science (R0)