Managing Information Risk and the Economics of Security

Abstract

Information risk and the economics of managing security is a concern of private-sector executives, public policy makers, and citizens. In this introductory chapter, we examine the nature of information risk and security economics from multiple perspectives including chief information security officers of large firms, representatives from the media that cover information security for both technical and mass media publications, and agencies of the government involved in cyber crime investigation and prosecution. We also briefly introduce the major themes covered in the five primary sections of the book.

Notes

  1. Many people contributed to this overview by framing panel discussions at WEIS, recording panelist discussions, and directly contributing to related publications. In particular, I thank Jane Applegate of Tuck’s Center for Digital Strategies and Eric Goetz of the I3P for their direct contributions to this manuscript. This material is based upon work partially supported by the U.S. Department of Homeland Security under Grant Award Numbers 2006-CS-001-000001 and 2003-TK-TX-0003, under the auspices of the Institute for Information Infrastructure Protection (I3P) and through the Institute for Security Technology Studies (ISTS). The I3P is managed by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security, the I3P, ISTS, or Dartmouth College.

Copyright information

© 2009 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Johnson, M.E. (2009). Managing Information Risk and the Economics of Security. In: Johnson, M.E. (eds) Managing Information Risk and the Economics of Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09762-6_1

  • DOI: https://doi.org/10.1007/978-0-387-09762-6_1

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-09761-9

  • Online ISBN: 978-0-387-09762-6

  • eBook Packages: Computer Science, Computer Science (R0)
