SEConomy: A Framework for the Economic Assessment of Cybersecurity

  • Conference paper
Economics of Grids, Clouds, Systems, and Services (GECON 2019)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 11819)

Abstract

Cybersecurity concerns are one of the significant side effects of an increasingly interconnected world, which inevitably put economic factors into perspective, either directly or indirectly. In this context, it is imperative to understand the significant dependencies between complex and distributed systems (e.g., supply chains), as well as the security and safety risks associated with each actor. This paper proposes SEConomy, a strictly step-based framework to measure the economic impact of cybersecurity activities in a distributed ecosystem with several actors. Through the mapping of actors, responsibilities, inter-dependencies, and risks, it is possible to develop specific economic models, which, in combination, can provide an accurate picture of cybersecurity economic impacts.

Notes

  1. Non-profit organization serving military, government, industry, and academia.

Acknowledgements

This paper was supported partially by (a) the University of Zürich UZH, Switzerland and (b) the European Union’s Horizon 2020 Research and Innovation Program under grant agreement No. 830927, the Concordia project.

Author information

Corresponding author

Correspondence to Bruno Rodrigues.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Rodrigues, B., Franco, M., Parangi, G., Stiller, B. (2019). SEConomy: A Framework for the Economic Assessment of Cybersecurity. In: Djemame, K., Altmann, J., Bañares, J., Agmon Ben-Yehuda, O., Naldi, M. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2019. Lecture Notes in Computer Science, vol 11819. Springer, Cham. https://doi.org/10.1007/978-3-030-36027-6_13

  • DOI: https://doi.org/10.1007/978-3-030-36027-6_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36026-9

  • Online ISBN: 978-3-030-36027-6

  • eBook Packages: Computer Science (R0)
