Managing Information Risk and the Economics of Security: Difference between revisions
No edit summary |
|||
| Line 43: | Line 43: | ||
* Cyber Policy and Regulation | * Cyber Policy and Regulation | ||
** Nonbanks and Risk in Retail Payments: EU and U.S. | ** Nonbanks and Risk in Retail Payments: EU and U.S. | ||
<blockquote> | |||
This chapter documents the importance of nonbanks in retail payments in the United States and in 15 European countries and analyses the implications of the importance and multiple roles played by nonbanks on retail payment risks. Nonbanks play multiple roles along the entire payment processing chain. They are prominent in the United States and their presence is high and growing in Europe as well, although there are differences among the various countries and payments classes. The presence of nonbanks has shifted the locus of risks in retail payments towards greater relevance of operational and fraud risk. The chapter reviews the main safeguards in place, and concludes that there may be a need to reconsider | |||
some of them in view of the growing role of nonbanks and of the global reach of risks in the electronic era. | |||
</blockquote> | |||
** Security Economics and European Policy | ** Security Economics and European Policy | ||
<blockquote> | |||
</blockquote> | |||
* Risk Management and Security Investment | * Risk Management and Security Investment | ||
** BORIS –Business Oriented management of Information Security | ** BORIS –Business Oriented management of Information Security | ||
<blockquote> | |||
</blockquote> | |||
** Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model | ** Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model | ||
<blockquote> | |||
</blockquote> | |||
** Communicating the Economic Value of Security Investments; Value at Security Risk | ** Communicating the Economic Value of Security Investments; Value at Security Risk | ||
<blockquote> | |||
</blockquote> | |||
* Technology and Policy Adoption | * Technology and Policy Adoption | ||
** Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security | ** Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security | ||
<blockquote> | |||
</blockquote> | |||
** The Value of Escalation and Incentives in Managing Information Access | ** The Value of Escalation and Incentives in Managing Information Access | ||
<blockquote> | <blockquote> | ||
| Line 57: | Line 76: | ||
* Combating Cybercrime | * Combating Cybercrime | ||
** Reinterpreting the Disclosure Debate for Web Infections | ** Reinterpreting the Disclosure Debate for Web Infections | ||
<blockquote> | |||
</blockquote> | |||
** The Impact of Incentives on Notice and Take-down | ** The Impact of Incentives on Notice and Take-down | ||
<blockquote> | |||
</blockquote> | |||
** Studying Malicious Websites and the Underground Economy on the Chinese Web | ** Studying Malicious Websites and the Underground Economy on the Chinese Web | ||
<blockquote> | |||
</blockquote> | |||
** Botnet Economics: Uncertainty Matters | ** Botnet Economics: Uncertainty Matters | ||
<blockquote> | |||
</blockquote> | |||
** Cyber Insurance as an Incentive for Internet Security | ** Cyber Insurance as an Incentive for Internet Security | ||
<blockquote> | |||
</blockquote> | |||
* Privacy and Trust | * Privacy and Trust | ||
** Conformity or Diversity: Social Implications of Transparency in Personal Data Processing | ** Conformity or Diversity: Social Implications of Transparency in Personal Data Processing | ||
<blockquote> | |||
</blockquote> | |||
** Is Distributed Trust More Trustworthy? | ** Is Distributed Trust More Trustworthy? | ||
<blockquote> | |||
</blockquote> | |||
Managing Information Risk and the Economics of Security is designed for managers, policy makers, and researchers focusing on economics of information security, as well as for advanced-level students in computer science, business management and economics. | Managing Information Risk and the Economics of Security is designed for managers, policy makers, and researchers focusing on economics of information security, as well as for advanced-level students in computer science, business management and economics. | ||
Revision as of 10:55, 29 June 2010
Full Title of Reference
Managing Information Risk and the Economics of Security
Full Citation
M. Eric Johnson, Managing Information Risk and the Economics of Security (2008). Purchase
Categorization
- Overview: Books
- Threats and Actors: Financial Institutions and Networks; States
- Issues: Cybercrime; Economics of Cybersecurity; Incentives; Information Sharing/Disclosure; Insurance; Metrics; Risk Management and Investment
- Approaches: Deterrence; Regulation/Liability
Key Words
Antivirus, Botnet, Cyber Crime, Cyber Security as an Externality, Disclosure Policy, Information Asymmetries, Internet Service Providers, Malware, Notice and Take-down, Patching, Phishing, Risk Modeling, SPAM, State Affiliation, Tragedy of Commons, Transparency
Synopsis
TThe lifeblood of the global economy, information has become a source of growing risk as more firms maintain information online. With risks now fueled by sophisticated, organized, malicious groups, information security requires not only technology, but a clear understanding of potential risks, decision-making behaviors, and metrics for evaluating business and policy options.
Managing Information Risk and the Economics of Security, an edited volume contributed by well-established researchers in the field worldwide, presents the latest research on economics driving both the risks and the solutions. Covering the implications of policy within firms and across countries, this volume provides managers and policy makers with new thinking on how to manage risk. The chapters are broken down into five major sections:
- Cyber Policy and Regulation
- Nonbanks and Risk in Retail Payments: EU and U.S.
This chapter documents the importance of nonbanks in retail payments in the United States and in 15 European countries and analyses the implications of the importance and multiple roles played by nonbanks on retail payment risks. Nonbanks play multiple roles along the entire payment processing chain. They are prominent in the United States and their presence is high and growing in Europe as well, although there are differences among the various countries and payments classes. The presence of nonbanks has shifted the locus of risks in retail payments towards greater relevance of operational and fraud risk. The chapter reviews the main safeguards in place, and concludes that there may be a need to reconsider some of them in view of the growing role of nonbanks and of the global reach of risks in the electronic era.
- Security Economics and European Policy
- Risk Management and Security Investment
- BORIS –Business Oriented management of Information Security
- Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model
- Communicating the Economic Value of Security Investments; Value at Security Risk
- Technology and Policy Adoption
- Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security
- The Value of Escalation and Incentives in Managing Information Access
Managing information access within large enterprises is increasingly challenging. With thousands of employees accessing thousands of applications and data sources, managers strive to ensure the employees can access the information they need to create value while protecting information from misuse. We examine an information governance approach based on controls and incentives, where employees’ self-interested behavior can result in firm-optimal use of information. Using insights gained from a game-theoretic model, we illustrate how an incentives-based policy with escalation can control both over and under-entitlement while maintaining the flexibility.
- Combating Cybercrime
- Reinterpreting the Disclosure Debate for Web Infections
- The Impact of Incentives on Notice and Take-down
- Studying Malicious Websites and the Underground Economy on the Chinese Web
- Botnet Economics: Uncertainty Matters
- Cyber Insurance as an Incentive for Internet Security
- Privacy and Trust
- Conformity or Diversity: Social Implications of Transparency in Personal Data Processing
- Is Distributed Trust More Trustworthy?
Managing Information Risk and the Economics of Security is designed for managers, policy makers, and researchers focusing on economics of information security, as well as for advanced-level students in computer science, business management and economics.