Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 6694)

Abstract

As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one that can create gains (or profit). With the role of a capital investment to provide a return on investment, security is a defense against unforeseen losses that cost capital and reduce profitability. In this paper we assess the individual security cost and model our assessment in economic terms. This assessment is vital in determining the cost benefit in applying costly security controls in our systems in general and software in particular.

Keywords

  • Software Development Life Cycle
  • Model Checking
  • Software Verification
  • Empirical studies

  • DOI: 10.1007/978-3-642-21323-6_26
  • Chapter length: 8 pages

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wright, C.S., Zia, T.A. (2011). Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_26

  • DOI: https://doi.org/10.1007/978-3-642-21323-6_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21322-9

  • Online ISBN: 978-3-642-21323-6

  • eBook Packages: Computer Science, Computer Science (R0)