Abstract
In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established that most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.
This chapter originally appeared in Eric M. Johnson (ed.) “Managing Information Risk and the Economics of Security”, (c) Springer 2008
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Anderson, R., Böhme, R., Clayton, R., Moore, T. (2009). Security Economics and European Policy. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_6
DOI: https://doi.org/10.1007/978-3-8348-9283-6_6
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0660-4
Online ISBN: 978-3-8348-9283-6
eBook Packages: Computer Science (R0)