The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
VeriSign CZAG: Privacy Leak in X.509 Certificates
Proceedings of the 11th USENIX Security Symposium
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Moving from the design of usable security technologies to the design of useful secure applications
Proceedings of the 2002 workshop on New security paradigms
Cryptography and competition policy: issues with 'trusted computing'
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Journal of Computer Security - IFIP 2000
Authentication with P2P Agents
BT Technology Journal
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
A novel scenario-based information security management exercise
Proceedings of the 1st annual conference on Information security curriculum development
Budgeting process for information security expenditures
Communications of the ACM - Personal information management
Large-scale vulnerability analysis
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Inoculation strategies for victims of viruses and the sum-of-squares partition problem
Journal of Computer and System Sciences
Economic aspects of information security: An emerging field of research
Information Systems Frontiers
An experimental economics approach toward quantifying online privacy choices
Information Systems Frontiers
Investigation of IS professionals' intention to practise secure development of applications
International Journal of Human-Computer Studies
Looking for trouble: understanding end-user security management
Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Network Software Security and User Incentives
Management Science
Home networking and HCI: what hath god wrought?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Network Software Security and User Incentives
Management Science
Viruses, Worms, and Trojan Horses: Serious Crimes, Nuisance, or Both?
Social Science Computer Review
Towards a standard approach for quantifying an ICT security investment
Computer Standards & Interfaces
Secure or insure?: a game-theoretic analysis of information security games
Proceedings of the 17th international conference on World Wide Web
Evaluation of Intrusion Detection Systems Under a Resource Constraint
ACM Transactions on Information and System Security (TISSEC)
Security and insurance management in networks with heterogeneous agents
Proceedings of the 9th ACM conference on Electronic commerce
Predicted and observed user behavior in the weakest-link security game
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Computational challenges in e-commerce
Communications of the ACM - Rural engineering development
Strategic planning for the computer science security
WSEAS Transactions on Computers
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
The portal monitor: a privacy-enhanced event-driven system for elder care
Proceedings of the 4th International Conference on Persuasive Technology
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Cybersecurity: Stakeholder incentives, externalities, and policy options
Telecommunications Policy
Improving CVSS-based vulnerability prioritization and response with context information
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Particle swarm optimization approach for information security investment decision
CA '07 Proceedings of the Ninth IASTED International Conference on Control and Applications
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
An Economic Analysis of the Software Market with a Risk-Sharing Mechanism
International Journal of Electronic Commerce
Nudge: intermediaries' role in interdependent network security
Proceedings of the 2010 ACM Symposium on Applied Computing
Information security economics - and beyond
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Position statement in RFID S&P panel: RFID and the middleman
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Economics of malware: epidemic risks model, network externalities and incentives
Allerton'09 Proceedings of the 47th annual Allerton conference on Communication, control, and computing
Understanding why some network protocols are user-unfriendly
Proceedings of the 13th international conference on Security protocols
The initial costs and maintenance costs of protocols
Proceedings of the 13th international conference on Security protocols
Evolutionary mechanism design: a review
Autonomous Agents and Multi-Agent Systems
Predicting vulnerable software components with dependency graphs
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Scalable byzantine computation
ACM SIGACT News
On the economics of information security: the problem of designing optimal cyber-insurance contracts
ACM SIGMETRICS Performance Evaluation Review
Nudge: intermediaries' role in interdependent network security
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Information security governance: integrating security into the organizational culture
Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies
Is open source security a myth?
Communications of the ACM
Using real option thinking to improve decision making in security investment
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
Cost and benefit analysis of authentication systems
Decision Support Systems
A quantitative analysis into the economics of correcting software bugs
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Compliance or security, what cost?
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Privacy-friendly business models for location-based mobile
Journal of Theoretical and Applied Electronic Commerce Research
ACM SIGCAS Computers and Society
Panel summary: incentives, markets and information security
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Secure mobile sales force automation: the case of independent sales agencies
Information Systems and e-Business Management
A theoretical model for the average impact of attacks on billing infrastructures
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A learning-based approach to reactive security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
From the economics to the behavioral economics of privacy: a note
ICEB'10 Proceedings of the Third international conference on Ethics and Policy of Biometrics and International Data Sharing
Aegis: a novel cyber-insurance model
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Modeling internet security investments: tackling topological information uncertainty
GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Rational security: Modelling everyday password use
International Journal of Human-Computer Studies
An economic modelling approach to information security risk management
International Journal of Information Management: The Journal for Information Professionals
A large scale exploratory analysis of software vulnerability life cycles
Proceedings of the 34th International Conference on Software Engineering
Security adoption in heterogeneous networks: the influence of cyber-insurance market
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Managing the investment in information security technology by use of a quantitative modeling
Information Processing and Management: an International Journal
PeerSec: towards peer production and crowdsourcing for enhanced security
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Learning from your elders: a shortcut to information security management success
SAFECOMP'07 Proceedings of the 26th international conference on Computer Safety, Reliability, and Security
Security economics: a personal perspective
Proceedings of the 28th Annual Computer Security Applications Conference
Information Systems and e-Business Management
Theorizing Information Security Success: Towards Secure E-Government
International Journal of Electronic Government Research
Interactive Analysis of Agent-Goal Models in Enterprise Modeling
International Journal of Information System Modeling and Design
Information Resources Management Journal
Cost-effective quality assurance of wireless network security
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Diffusion dynamics of network technologies with bounded rational users: aspiration-based learning
IEEE/ACM Transactions on Networking (TON)
Determining the antecedents of digital security practices in the general public dimension
Information Technology and Management
How many attackers can selfish defenders catch?
Discrete Applied Mathematics
Proceedings of the 2013 workshop on New security paradigms workshop
Security adoption and influence of cyber-insurance markets in heterogeneous networks
Performance Evaluation
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.