Pricing Security: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Pricing Security: Vulnerabilities as Externalities==
==Full Title of Reference==
Pricing Security: Vulnerabilities as Externalities


==Full Citation==
==Full Citation==




L. Jean Camp & Catherine D. Wolfram, ''Pricing Security: Vulnerabilities as Externalities, in'' Economics of Information Security (L. Jean Camp & Stephen Lewis eds., 2004).
L. Jean Camp & Catherine D. Wolfram, ''Pricing Security: Vulnerabilities as Externalities,'' in Economics of Information Security (L. Jean Camp & Stephen Lewis eds., 2004).
[http://books.google.com/books?id=PbzP9tgeDcAC&lpg=PA17&ots=8AOrvEojH5&dq=Economics%20of%20Information%20Security&lr&pg=PA17#v=onepage&q&f=false  ''Web''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=894966 ''SSRN'']
[http://books.google.com/books?id=PbzP9tgeDcAC&lpg=PA17&ots=8AOrvEojH5&dq=Economics%20of%20Information%20Security&lr&pg=PA17#v=onepage&q&f=false  ''Web''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=894966 ''SSRN'']


[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Camp_Wolfram:2004&f=wikibiblio.bib ''BibTeX'']
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Camp_Wolfram:2004 ''BibTeX'']


==Categorization==
==Categorization==


Issues: [[Economics of Cybersecurity]], [[Risk Management and Investment]], [[Incentives]]
* Issues: [[Economics of Cybersecurity]]; [[Incentives]]; [[Risk Management and Investment]]  


==Key Words==  
==Key Words==  


[http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Security_as_an_Externality Cyber Security as an Externality]
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Security_as_an_Externality | Cyber Security as an Externality]],
 
[[Keyword_Index_and_Glossary_of_Core_Ideas#Outreach_and_Collaboration | Outreach and Collaboration]],
[http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas#Research_.26_Development Research and Development]
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_.26_Development | Research and Development]]
 
[http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas#Outreach_and_Collaboration Outreach and Collaboration]


==Synopsis==
==Synopsis==
Line 40: Line 39:
extensively addressed, although pricing without payment is meaningless, the problem
extensively addressed, although pricing without payment is meaningless, the problem
must be parsed to be solvable.
must be parsed to be solvable.
===Outline===
*Introduction
*Security as an Externality
*Past Solutions
**Information Provision
**Coordinating Information
**Classification 
**Setting Standards
**Subsidies
*Defining the Good: A Vulnerability
*Classifying Computer Security Failures
*Pollution: The Pricing Analogy
*Allocating Property Rights
*Jump Starting Trading
*Constructing A Vulnerabilty
*Conclusions


==Additional Notes and Highlights==
==Additional Notes and Highlights==
 
Expertise Required: Economics - Low
'' * Outline key points of interest

Latest revision as of 12:07, 20 August 2010

Full Title of Reference

Pricing Security: Vulnerabilities as Externalities

Full Citation

L. Jean Camp & Catherine D. Wolfram, Pricing Security: Vulnerabilities as Externalities, in Economics of Information Security (L. Jean Camp & Stephen Lewis eds., 2004). Web SSRN

BibTeX

Categorization

Key Words

Cyber Security as an Externality, Outreach and Collaboration, Research and Development

Synopsis

We argue that provision of computer security in a networked environment is an externality and subject to market failures. However, regulatory regimes or a pricing schemes can causes parties to internalize the externalities and provide more security. The current mechanisms for dealing with security are security analysis firms; publications of vulnerabilities; the provision of emergency assistance through incident response teams; and the option of seeking civil redress through the courts. The overall effectiveness of these mechanisms is questionable. The foundation of environmental economics supports building a market as a solution to the problem of widespread vulnerabilities. In this work we propose a market for vulnerability credits.

This paper is a first step to developing a pricing scheme for vulnerabilities to increase infrastructure security. We begin by arguing that security is an externality and one which could be priced. We examine security taxonomies in terms of their usefulness for pricing security vulnerabilities. We discuss the parallel with pricing pollution. We address the issue of jump-starting the market. Regulatory mechanisms for collection are not extensively addressed, although pricing without payment is meaningless, the problem must be parsed to be solvable.

Outline

  • Introduction
  • Security as an Externality
  • Past Solutions
    • Information Provision
    • Coordinating Information
    • Classification
    • Setting Standards
    • Subsidies
  • Defining the Good: A Vulnerability
  • Classifying Computer Security Failures
  • Pollution: The Pricing Analogy
  • Allocating Property Rights
  • Jump Starting Trading
  • Constructing A Vulnerabilty
  • Conclusions

Additional Notes and Highlights

Expertise Required: Economics - Low