Abstract
We address the question of how much security is required to protect a packaged system, installed in a large number of organizations, from thieves who would exploit a single vulnerability to attack multiple installations. While our work is motivated by the need to help organizations make decisions about how to defend themselves, we also show how they can better protect themselves by helping to protect each other.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Schechter, S.E.: Quantitatively differentiating system security. In: The First Workshop on Economics and Information Security (2002)
Young, A., Yung, M.: Cryptovirology: Extortion-based security threats and countermeasures. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 129–140 (1996)
Counterpane Internet Security, Lloyd’s of London: Counterpane Internet Security announces industry’s first broad insurance coverage backed by Lloyd’s of London for e-commerce and Internet security, http://www.counterpane.com/pr-lloyds.html (2000)
The Honeynet Project: Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. Addison-Wesley, Reading (2001)
Becker, G.S.: Crime and punishment: An economic approach. The Journal of Political Economy 76, 169–217 (1968)
Ehrlich, I.: Participation in illegitimate activities: A theoretical and empirical investigation. The Journal of Political Economy 81, 521–565 (1973)
Ehrlich, I.: Crime, punishment, and the market for offenses. The Journal of Economic Perspectives 10, 43–67 (1996)
Gordon, L.A., Loeb, M.P., Lucyshyn, W.: An economics perspective on the sharing of information related to security breaches: Concepts and empirical evidence. In: The First Workshop on Economics and Information Security (2002)
Goldberg, I., Nold, F.C.: Does reporting deter burglars?–an empirical analysis of risk and return in crime. The Review of Economics and Statistics 62, 424–431 (1980)
Anderson, R.J.: Why information security is hard, an economic perspective. In: 17th Annual Computer Security Applications Conference (2001)
Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5, 438–457 (2002)
Varian, H.R.: System reliability and free riding. In: The First Workshop on Economics and Information Security (2002)
Beattie, S., Arnold, S., Cowan, C., Wagle, P., Wright, C.: Timing the application of security patches for optimal uptime. In: Proceedings of LISA 2002: 16th Systems Administration Conference (2002)
Rescorla, E.: Security holes... who cares? (2002), http://www.rtfm.com/upgrade.pdf
Schechter, S.E.: How to buy better testing: Using competition to get the most security and robustness for your dollar. In: Proceedings of the Infrastructure Security Conference (2002)
Camp, L.J., Wolfram, C.: Pricing security. In: Proceedings of the CERT Information Survivability Workshop, pp. 31–39 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schechter, S.E., Smith, M.D. (2003). How Much Security Is Enough to Stop a Thief?. In: Wright, R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45126-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-540-45126-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40663-1
Online ISBN: 978-3-540-45126-6
eBook Packages: Springer Book Archive