Security Economics and European Policy

ISSE 2008 Securing Electronic Business Processes

Abstract

In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established that most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.

This chapter originally appeared in Eric M. Johnson (ed.) “Managing Information Risk and the Economics of Security”, (c) Springer 2008

Editor information

Norbert Pohlmann, Helmut Reimer, Wolfgang Schneider

Copyright information

© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Anderson, R., Böhme, R., Clayton, R., Moore, T. (2009). Security Economics and European Policy. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_6

  • DOI: https://doi.org/10.1007/978-3-8348-9283-6_6

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0660-4

  • Online ISBN: 978-3-8348-9283-6

  • eBook Packages: Computer Science, Computer Science (R0)
