Abstract
Information risk and the economics of managing security is a concern of private-sector executives, public policy makers, and citizens. In this introductory chapter, we examine the nature of information risk and security economics from multiple perspectives including chief information security officers of large firms, representatives from the media that cover information security for both technical and mass media publications, and agencies of the government involved in cyber crime investigation and prosecution. We also briefly introduce the major themes covered in the five primary sections of the book.
Notes
1. Many people contributed to this overview by framing panel discussions at WEIS, recording panelist discussions, and directly contributing to related publications. In particular, I thank Jane Applegate of Tuck’s Center for Digital Strategies and Eric Goetz of the I3P for their direct contributions to this manuscript. This material is based upon work partially supported by the U.S. Department of Homeland Security under Grant Award Numbers 2006-CS-001-000001 and 2003-TK-TX-0003, under the auspices of the Institute for Information Infrastructure Protection (I3P) and through the Institute for Security Technology Studies (ISTS). The I3P is managed by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security, the I3P, ISTS, or Dartmouth College.
Copyright information
© 2009 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Johnson, M.E. (2009). Managing Information Risk and the Economics of Security. In: Johnson, M.E. (eds) Managing Information Risk and the Economics of Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09762-6_1
DOI: https://doi.org/10.1007/978-0-387-09762-6_1
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09761-9
Online ISBN: 978-0-387-09762-6
eBook Packages: Computer Science, Computer Science (R0)