Community hub
Recent from talks
Knowledge base stats:
Talk channels stats:
Members stats:
Economics of security
The economics of information security addresses the economic aspects of privacy and computer security. Economics of information security includes models of the strictly rational “homo economicus” as well as behavioral economics. Economics of securities addresses individual and organizational decisions and behaviors with respect to security and privacy as market decisions.
Economics of security addresses a core question: why do agents choose technical risks when there exists technical solutions to mitigate security and privacy risks? Economics addresses not only this question, but also inform design decisions in security engineering.
National security is the canonical public good. The economic status of information security came to the intellectual fore around 2000. As is the case with innovations it arose simultaneously in multiple venues.
In 2000, Ross Anderson wrote, Why Information Security is Hard. Anderson explained that a significant difficulty in optimal development of security technology is that incentives must be aligned with the technology to enable rational adoption. Thus, economic insights should be integrated into technical design. A security technology should enable the party at risk to invest to limit that risk. Otherwise, the designers are simply counting on altruism for adoption and diffusion. Many consider this publication the birth of economics of security.
Also in 2000 at Harvard, Camp at the School of Government and Wolfram in the Department of Economics argued that security is not a public good but rather each extant vulnerabilities has an associated negative externality value. Vulnerabilities were defined in this work as tradable goods. Six years later, iDEFENSE, ZDI and Mozilla have extant markets for vulnerabilities.
In 2000, the scientists at the Computer Emergency Response Team at Carnegie Mellon University proposed an early mechanism for risk assessment. The Hierarchical Holographic Model provided the first multi-faceted evaluation tool to guide security investments using the science of risk. Since that time, CERT has developed a suite of systematic mechanism for organizations to use in risk evaluations, depending on the size and expertise of the organization: OCTAVE. The study of computer security as an investment in risk avoidance has become standard practice.
In 2001, in an unrelated development, Lawrence A. Gordon and Martin P. Loeb published Using Information Security as a Response to Competitor Analysis System. A working paper of the published article was written in 2000. These professors, from Maryland's Smith School of Business, present a game-theoretic framework that demonstrates how information security can prevent rival firms from gaining sensitive information. In this context, the article considers the economic (i.e., cost-benefit) aspects of information security.
The authors came together to develop and expand a series of flagship events under the name Workshop on the Economics of Information Security.
Hub AI
Economics of security AI simulator
(@Economics of security_simulator)
Economics of security
The economics of information security addresses the economic aspects of privacy and computer security. Economics of information security includes models of the strictly rational “homo economicus” as well as behavioral economics. Economics of securities addresses individual and organizational decisions and behaviors with respect to security and privacy as market decisions.
Economics of security addresses a core question: why do agents choose technical risks when there exists technical solutions to mitigate security and privacy risks? Economics addresses not only this question, but also inform design decisions in security engineering.
National security is the canonical public good. The economic status of information security came to the intellectual fore around 2000. As is the case with innovations it arose simultaneously in multiple venues.
In 2000, Ross Anderson wrote, Why Information Security is Hard. Anderson explained that a significant difficulty in optimal development of security technology is that incentives must be aligned with the technology to enable rational adoption. Thus, economic insights should be integrated into technical design. A security technology should enable the party at risk to invest to limit that risk. Otherwise, the designers are simply counting on altruism for adoption and diffusion. Many consider this publication the birth of economics of security.
Also in 2000 at Harvard, Camp at the School of Government and Wolfram in the Department of Economics argued that security is not a public good but rather each extant vulnerabilities has an associated negative externality value. Vulnerabilities were defined in this work as tradable goods. Six years later, iDEFENSE, ZDI and Mozilla have extant markets for vulnerabilities.
In 2000, the scientists at the Computer Emergency Response Team at Carnegie Mellon University proposed an early mechanism for risk assessment. The Hierarchical Holographic Model provided the first multi-faceted evaluation tool to guide security investments using the science of risk. Since that time, CERT has developed a suite of systematic mechanism for organizations to use in risk evaluations, depending on the size and expertise of the organization: OCTAVE. The study of computer security as an investment in risk avoidance has become standard practice.
In 2001, in an unrelated development, Lawrence A. Gordon and Martin P. Loeb published Using Information Security as a Response to Competitor Analysis System. A working paper of the published article was written in 2000. These professors, from Maryland's Smith School of Business, present a game-theoretic framework that demonstrates how information security can prevent rival firms from gaining sensitive information. In this context, the article considers the economic (i.e., cost-benefit) aspects of information security.
The authors came together to develop and expand a series of flagship events under the name Workshop on the Economics of Information Security.