Computational Intelligence in Security for Information Systems

Volume 6694 of the series Lecture Notes in Computer Science pp 206-213

Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls

  • Craig S. WrightAffiliated withSchool of Computing and Mathematics, Charles Sturt University
  • , Tanveer A. ZiaAffiliated withSchool of Computing and Mathematics, Charles Sturt University

* Final gross prices may vary according to local VAT.

Get Access


As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one that can create gains (or profit). With the role of a capital investment to provide a return on investment, security is a defense against unforeseen losses that cost capital and reduce profitability. In this paper we assess the individual security cost and model our assessment in economic terms. This assessment is vital in determining the cost benefit in applying costly security controls in our systems in general and software in particular.


Software Development Life Cycle Model Checking Software Verification Empirical studies