Economics of Cybersecurity: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity]]'' | ''[[Table of Contents | TOC->]][[Issues | Issues->]][[Economics of Cybersecurity]]'' | ||
{| class="wikitable sortable" border="1" cellpadding="1" cellspacing="0" style="border: 1px solid LightGrey;" | {| class="wikitable sortable" border="1" cellpadding="1" cellspacing="0" style="border: 1px solid LightGrey;" | ||
| Line 36: | Line 12: | ||
|- | |- | ||
|Anderson, Ross J.||||2008||[[Security Engineering]]||Book||Moderate:Technology; Moderate:Cryptography||N/A | |Anderson, Ross J.||||2008||[[Security Engineering]]||Book||Moderate:Technology; Moderate:Cryptography||N/A | ||
|- | |||
|Anderson, Ross, et. al|| ||2008||[[Security Economics and the Internal Market]]||Study||Low:Economics||[http://www.enisa.europa.eu/act/sr/reports/econ-sec/economics-sec/at_download/fullReport ''Pdf''] | |||
|- | |- | ||
|Anderson, Ross||||2001||[[Why Information Security is Hard]]||Conf. Paper||None||[http://www.acsac.org/2001/papers/110.pdf ''Pdf''] [http://www.cl.cam.ac.uk/~rja14/Papers/econ.pdf ''AltPdf''] | |Anderson, Ross||||2001||[[Why Information Security is Hard]]||Conf. Paper||None||[http://www.acsac.org/2001/papers/110.pdf ''Pdf''] [http://www.cl.cam.ac.uk/~rja14/Papers/econ.pdf ''AltPdf''] | ||
|- | |- | ||
|Anderson, Ross||Moore, Tyler||2006||[[The Economics of Information Security]]||Journal Article||Low:Economics||[http://people.seas.harvard.edu/~tmoore/science-econ.pdf ''Pdf''] | |Anderson, Ross||Moore, Tyler||2006||[[The Economics of Information Security]]||Journal Article||Low:Economics||[http://people.seas.harvard.edu/~tmoore/science-econ.pdf ''Pdf''] [http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.3331&rep=rep1&type=pdf ''AltPdf''] | ||
[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.89.3331&rep=rep1&type=pdf ''AltPdf | |||
|- | |- | ||
|Arora et al.||||2006||[[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]||Journal Article||Moderate:Economics||[http://www.heinz.cmu.edu/~rtelang/vuln_freq_ISF.pdf ''Pdf''] | |Arora et al.||||2006||[[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]||Journal Article||Moderate:Economics||[http://www.heinz.cmu.edu/~rtelang/vuln_freq_ISF.pdf ''Pdf''] | ||
|- | |- | ||
|Aviram, Amitai||Tor, Avishalom||2004||[[Overcoming Impediments to Information Sharing]]||Law Review||Low:Economics||[http://law.haifa.ac.il/faculty/lec_papers/tor/55Ala1.L.Rev.231.pdf ''Pdf''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=435600 ''SSRN''] | |Aviram, Amitai||Tor, Avishalom||2004||[[Overcoming Impediments to Information Sharing]]||Law Review||Low:Economics||[http://law.haifa.ac.il/faculty/lec_papers/tor/55Ala1.L.Rev.231.pdf ''Pdf''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=435600 ''SSRN''] | ||
|- | |||
|Bohme, Rainer||||2005||[[Cyber-Insurance Revisited]]||Conf. Paper||High:Economics||[http://infosecon.net/workshop/pdf/15.pdf ''Pdf''] | |||
|- | |- | ||
|Bohme, Rainer||Kataria, Gaurav||2006||[[Models and Measures for Correlation in Cyber-Insurance]]||Conf. Paper||High:Economics||[http://weis2006.econinfosec.org/docs/16.pdf ''Pdf''] | |Bohme, Rainer||Kataria, Gaurav||2006||[[Models and Measures for Correlation in Cyber-Insurance]]||Conf. Paper||High:Economics||[http://weis2006.econinfosec.org/docs/16.pdf ''Pdf''] | ||
| Line 55: | Line 32: | ||
|- | |- | ||
|Camp, L. Jean||Wolfram, Catherine||2004||[[Pricing Security]]||Book Chapter||Low:Economics||[http://books.google.com/books?id=PbzP9tgeDcAC&lpg=PA17&ots=8AOrvEojH5&dq=Economics%20of%20Information%20Security&lr&pg=PA17#v=onepage&q&f=false ''Web''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=894966 ''SSRN''] | |Camp, L. Jean||Wolfram, Catherine||2004||[[Pricing Security]]||Book Chapter||Low:Economics||[http://books.google.com/books?id=PbzP9tgeDcAC&lpg=PA17&ots=8AOrvEojH5&dq=Economics%20of%20Information%20Security&lr&pg=PA17#v=onepage&q&f=false ''Web''] [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=894966 ''SSRN''] | ||
|- | |||
|Clinton, Larry||||Undated||[[Cyber-Insurance Metrics and Impact on Cyber-Security]]||Online Paper||Low:Technology; Low:Law||[http://www.whitehouse.gov/files/documents/cyber/ISA%20-%20Cyber-Insurance%20Metrics%20and%20Impact%20on%20Cyber-Security.pdf ''Pdf''] | |||
|- | |- | ||
|Computer Economics, Inc.||||2007||[[2007 Malware Report]]||Industry Report||None||[http://www.computereconomics.com/article.cfm?id=1224 ''Purchase''] | |Computer Economics, Inc.||||2007||[[2007 Malware Report]]||Industry Report||None||[http://www.computereconomics.com/article.cfm?id=1224 ''Purchase''] | ||
|- | |||
|Computing Research Association||||2003||[[Four Grand Challenges in Trustworthy Computing]]||Independent Reports||None||[http://www.cyber.st.dhs.gov/docs/CRA%20Grand%20Challenges%202003.pdf ''Pdf''] | |||
|- | |||
|Department of Defense||||2007||[[Mission Impact of Foreign Influence on DoD Software]]||Government Report||Low:Defense Policy/Procurement||[http://www.cyber.st.dhs.gov/docs/Defense%20Science%20Board%20Task%20Force%20-%20Report%20on%20Mission%20Impact%20of%20Foreign%20Influence%20on%20DoD%20Software%20(2007).pdf ''Pdf''] | |||
|- | |||
|Financial Services Sector Coordinating Council for Critical Infrastructure Protection||||2008||[[Research Agenda for the Banking and Finance Sector]]||Independent Reports||None||[http://www.cyber.st.dhs.gov/docs/RD_Agenda-FINAL.pdf ''Pdf''] | |||
|- | |- | ||
|Franklin, Jason, et. al||||2007||[[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]||Conference Paper||Low:Statistics; Low:Economics||[http://sparrow.ece.cmu.edu/group/pub/franklin_paxson_perrig_savage_miscreants.pdf ''Pdf''] [http://www.cs.cmu.edu/~jfrankli/acmccs07/ccs07_franklin_eCrime.pdf ''Alt Pdf''] | |Franklin, Jason, et. al||||2007||[[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]||Conference Paper||Low:Statistics; Low:Economics||[http://sparrow.ece.cmu.edu/group/pub/franklin_paxson_perrig_savage_miscreants.pdf ''Pdf''] [http://www.cs.cmu.edu/~jfrankli/acmccs07/ccs07_franklin_eCrime.pdf ''Alt Pdf''] | ||
| Line 65: | Line 50: | ||
|- | |- | ||
|Granick, Jennifer Stisa||||2005||[[The Price of Restricting Vulnerability Publications]]||Law Review||Low/Moderate:Law||[http://www.ijclp.net/files/ijclp_web-doc_10-cy-2004.pdf ''Pdf''] | |Granick, Jennifer Stisa||||2005||[[The Price of Restricting Vulnerability Publications]]||Law Review||Low/Moderate:Law||[http://www.ijclp.net/files/ijclp_web-doc_10-cy-2004.pdf ''Pdf''] | ||
|- | |||
|Institute for Information Infrastructure Protection||||2003||[[Cyber Security Research and Development Agenda]]||Independent Reports||Low/None:Technology||[http://www.cyber.st.dhs.gov/docs/I3P%20Research%20Agenda%202003.pdf ''Pdf''] | |||
|- | |- | ||
|Johnson, Eric M.||||2008||[[Managing Information Risk and the Economics of Security]]||Book||High:Economics||N/A | |Johnson, Eric M.||||2008||[[Managing Information Risk and the Economics of Security]]||Book||High:Economics||N/A | ||
| Line 73: | Line 60: | ||
|- | |- | ||
|Lernard, Thomas M.||Rubin, Paul H.||2005||[[An Economic Analysis of Notification Requirements for Data Security Breaches]]||Online Paper||Low:Economics||[http://www.pff.org/issues-pubs/pops/pop12.12datasecurity.pdf ''Pdf''] | |Lernard, Thomas M.||Rubin, Paul H.||2005||[[An Economic Analysis of Notification Requirements for Data Security Breaches]]||Online Paper||Low:Economics||[http://www.pff.org/issues-pubs/pops/pop12.12datasecurity.pdf ''Pdf''] | ||
|- | |||
|Moore, Tyler, et. al||||2009||[[The Economics of Online Crime]]||Journal Article||Low:Technology||[http://people.seas.harvard.edu/~tmoore/jep09.pdf ''Pdf''] | |||
|- | |- | ||
|Moore, Tyler||Clayton, Richard||2009||[[The Impact of Incentives on Notice and Take-down]]||Book Chapter||Moderate:Technology; Low:Law||[http://weis2008.econinfosec.org/papers/MooreImpact.pdf ''Pdf''] | |Moore, Tyler||Clayton, Richard||2009||[[The Impact of Incentives on Notice and Take-down]]||Book Chapter||Moderate:Technology; Low:Law||[http://weis2008.econinfosec.org/papers/MooreImpact.pdf ''Pdf''] | ||
|- | |- | ||
| | |National Cyber Defense Initiative||||2009||[[National Cyber Defense Financial Services Workshop Report]]||Independent Report||Moderate:Financial Services Infrastructure; Moderate:Acronym Tolerance||[http://www.cyber.st.dhs.gov/docs/NCDI_FI_Workshop_Report.pdf ''Pdf''] | ||
|- | |||
|National Institute of Standards and Technology||||2006||[[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]||Government Report||Moderate:Technology||[http://www.cyber.st.dhs.gov/docs/NIST%20Guide%20to%20Supervisory%20and%20Data%20Acquisition-SCADA%20and%20Industrial%20Control%20Systems%20Security%20(2007).pdf ''Pdf''] | |||
|- | |||
|National Research Council||||2007||[[Toward a Safer and More Secure Cyberspace]]||Independent Reports||Low:Research Processes; Low:Technology||[http://www.cyber.st.dhs.gov/docs/Toward_a_Safer_and_More_Secure_Cyberspace-Full_report.pdf ''Pdf''] | |||
|- | |||
|National Research Council||||1999||[[Trust in Cyberspace]]||Independent Reports||Moderate:Technology||[http://www.cyber.st.dhs.gov/docs/Trust%20in%20Cyberspace%20Report%201999.pdf ''Pdf''] | |||
|- | |||
|Powell, Benjamin||||2005||[[Is Cybersecurity a Public Good]]||Law Review||Low/Moderate:Economics||[http://www.independent.org/pdf/working_papers/57_cyber.pdf ''Pdf''] [http://www.ciaonet.org/wps/pob03/pob03.pdf ''AltPdf''] | |||
|- | |- | ||
| | |Romanosky et al.||||2008||[[Do Data Breach Disclosure Laws Reduce Identity Theft]]||Moderate:Economics||Conf. Paper||[http://weis2008.econinfosec.org/papers/Romanosky.pdf ''Pdf''] | ||
|- | |- | ||
|Schneier, Bruce||||2003||[[Beyond Fear]]||Book||None||[http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 ''Scribd''] | |Schneier, Bruce||||2003||[[Beyond Fear]]||Book||None||[http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 ''Scribd''] | ||
|- | |||
|Schneier, Bruce||||2008||[[Schneier on Security]]||Book||None||[http://www.schneier.com/book-sos.html ''Purchase''] | |||
|- | |||
|Schwartz, Paul||Janger, Edward||2007||[[Notification of Data Security Breaches]]||Law Review||Low:Law; Low:Economics||[http://www.michiganlawreview.org/assets/pdfs/105/5/schwartz.pdf ''Pdf''] | |||
|- | |- | ||
|Stohl, Michael||||2006||[[Cyber Terrorism]]||Journal Article||None||[http://www.ingentaconnect.com/content/klu/cris/2006/00000046/F0020004/00009061 ''Purchase''] | |Stohl, Michael||||2006||[[Cyber Terrorism]]||Journal Article||None||[http://www.ingentaconnect.com/content/klu/cris/2006/00000046/F0020004/00009061 ''Purchase''] | ||
| Line 94: | Line 94: | ||
|- | |- | ||
|Thomas, Rob||Martin, Jerry||2006||[[The Underground Economy]]||Journal Article||Low:Technology||[http://www.usenix.org/publications/login/2006-12/openpdfs/cymru.pdf ''Pdf''] | |Thomas, Rob||Martin, Jerry||2006||[[The Underground Economy]]||Journal Article||Low:Technology||[http://www.usenix.org/publications/login/2006-12/openpdfs/cymru.pdf ''Pdf''] | ||
|- | |||
|United States Secret Service||||2004||[[Insider Threat Study]]||Government Report||None||[http://www.cyber.st.dhs.gov/docs/its_report_040820.pdf ''Pdf''] | |||
|- | |- | ||
|van Eeten, Michel J. G.||Bauer, Johannes M.||2008||[[Economics of Malware]]||Non-US Govt. Report||Moderate:Economics||[http://www.oecd.org/dataoecd/53/17/40722462.pdf ''Pdf''] | |van Eeten, Michel J. G.||Bauer, Johannes M.||2008||[[Economics of Malware]]||Non-US Govt. Report||Moderate:Economics||[http://www.oecd.org/dataoecd/53/17/40722462.pdf ''Pdf''] | ||
| Line 100: | Line 102: | ||
|- | |- | ||
|Varian, Hal||||2004||[[System Reliability and Free Riding]]||Book Chapter||High:Economics||[http://www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/48-old.pdf ''Pdf''] [http://people.ischool.berkeley.edu/~hal/Papers/2004/reliability ''AltPdf''] | |Varian, Hal||||2004||[[System Reliability and Free Riding]]||Book Chapter||High:Economics||[http://www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/48-old.pdf ''Pdf''] [http://people.ischool.berkeley.edu/~hal/Papers/2004/reliability ''AltPdf''] | ||
|- | |||
|Verizon||||2010||[[2010 Data Breach Investigations Report]]||Industry Report||Low:Technology||[http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf ''Pdf''] | |||
|} | |} | ||
Revision as of 12:17, 20 August 2010
TOC-> Issues->Economics of Cybersecurity
| Author 1 | Author 2 | Year | Title | Source | Expertise | Full Text |
|---|---|---|---|---|---|---|
| Anderson, Ross J. | 2008 | Security Engineering | Book | Moderate:Technology; Moderate:Cryptography | N/A | |
| Anderson, Ross, et. al | 2008 | Security Economics and the Internal Market | Study | Low:Economics | ||
| Anderson, Ross | 2001 | Why Information Security is Hard | Conf. Paper | None | Pdf AltPdf | |
| Anderson, Ross | Moore, Tyler | 2006 | The Economics of Information Security | Journal Article | Low:Economics | Pdf AltPdf |
| Arora et al. | 2006 | Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Journal Article | Moderate:Economics | ||
| Aviram, Amitai | Tor, Avishalom | 2004 | Overcoming Impediments to Information Sharing | Law Review | Low:Economics | Pdf SSRN |
| Bohme, Rainer | 2005 | Cyber-Insurance Revisited | Conf. Paper | High:Economics | ||
| Bohme, Rainer | Kataria, Gaurav | 2006 | Models and Measures for Correlation in Cyber-Insurance | Conf. Paper | High:Economics | |
| Bohme, Rainer | Schwartz, Galina | 2010 | Modeling Cyber-Insurance | Conf. Paper | High:Economics | |
| Camp, L. Jean | Lewis, Stephen | 2004 | Economics of Information Security | Book | High:Economics | N/A |
| Camp, L. Jean | Wolfram, Catherine | 2004 | Pricing Security | Book Chapter | Low:Economics | Web SSRN |
| Clinton, Larry | Undated | Cyber-Insurance Metrics and Impact on Cyber-Security | Online Paper | Low:Technology; Low:Law | ||
| Computer Economics, Inc. | 2007 | 2007 Malware Report | Industry Report | None | Purchase | |
| Computing Research Association | 2003 | Four Grand Challenges in Trustworthy Computing | Independent Reports | None | ||
| Department of Defense | 2007 | Mission Impact of Foreign Influence on DoD Software | Government Report | Low:Defense Policy/Procurement | ||
| Financial Services Sector Coordinating Council for Critical Infrastructure Protection | 2008 | Research Agenda for the Banking and Finance Sector | Independent Reports | None | ||
| Franklin, Jason, et. al | 2007 | An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants | Conference Paper | Low:Statistics; Low:Economics | Pdf Alt Pdf | |
| Gandal, Neil | 2008 | An Introduction to Key Themes in the Economics of Cyber Security | Book Chapter | Low:Economics | ||
| Grady, Mark F. | Parisi, Francesco | 2006 | The Law and Economics of Cybersecurity | Book | Low:Economics; Low:Law | N/A |
| Granick, Jennifer Stisa | 2005 | The Price of Restricting Vulnerability Publications | Law Review | Low/Moderate:Law | ||
| Institute for Information Infrastructure Protection | 2003 | Cyber Security Research and Development Agenda | Independent Reports | Low/None:Technology | ||
| Johnson, Eric M. | 2008 | Managing Information Risk and the Economics of Security | Book | High:Economics | N/A | |
| Johnson, Vincent R. | 2005 | Cybersecurity, Identity Theft, and the Limits of Tort Liability | Law Review | Moderate:Law | Pdf AltPdf | |
| Kobayashi, Bruce H. | 2006 | An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods | Journal Article | High:Economics | ||
| Lernard, Thomas M. | Rubin, Paul H. | 2005 | An Economic Analysis of Notification Requirements for Data Security Breaches | Online Paper | Low:Economics | |
| Moore, Tyler, et. al | 2009 | The Economics of Online Crime | Journal Article | Low:Technology | ||
| Moore, Tyler | Clayton, Richard | 2009 | The Impact of Incentives on Notice and Take-down | Book Chapter | Moderate:Technology; Low:Law | |
| National Cyber Defense Initiative | 2009 | National Cyber Defense Financial Services Workshop Report | Independent Report | Moderate:Financial Services Infrastructure; Moderate:Acronym Tolerance | ||
| National Institute of Standards and Technology | 2006 | SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security | Government Report | Moderate:Technology | ||
| National Research Council | 2007 | Toward a Safer and More Secure Cyberspace | Independent Reports | Low:Research Processes; Low:Technology | ||
| National Research Council | 1999 | Trust in Cyberspace | Independent Reports | Moderate:Technology | ||
| Powell, Benjamin | 2005 | Is Cybersecurity a Public Good | Law Review | Low/Moderate:Economics | Pdf AltPdf | |
| Romanosky et al. | 2008 | Do Data Breach Disclosure Laws Reduce Identity Theft | Moderate:Economics | Conf. Paper | ||
| Schneier, Bruce | 2003 | Beyond Fear | Book | None | Scribd | |
| Schneier, Bruce | 2008 | Schneier on Security | Book | None | Purchase | |
| Schwartz, Paul | Janger, Edward | 2007 | Notification of Data Security Breaches | Law Review | Low:Law; Low:Economics | |
| Stohl, Michael | 2006 | Cyber Terrorism | Journal Article | None | Purchase | |
| Swire, Peter P. | 2004 | A Model for When Disclosure Helps Security | Law Review | Low/Moderate:Logic | PdfSSRN | |
| Swire, Peter P. | 2006 | A Theory of Disclosure for Security and Competitive Reasons | Law Review | Low/Moderate:Logic | SSRN | |
| Symantec Corporation | 2010 | Symantec Global Internet Security Threat Report | Industry Report | Low/Moderate:Technology | ||
| Telang, Rahul | Wattal, Sunil | 2007 | Impact of Software Vulnerability Announcements on the Market Value of Software Vendors | Journal Article | Moderate:Economics | [http://infosecon.net/workshop/pdf/telang_wattal.pdf Pdf |
| Thomas, Rob | Martin, Jerry | 2006 | The Underground Economy | Journal Article | Low:Technology | |
| United States Secret Service | 2004 | Insider Threat Study | Government Report | None | ||
| van Eeten, Michel J. G. | Bauer, Johannes M. | 2008 | Economics of Malware | Non-US Govt. Report | Moderate:Economics | |
| Varian, Hal | 2000 | Managing Online Security Risks | Newspaper Article | None | Web | |
| Varian, Hal | 2004 | System Reliability and Free Riding | Book Chapter | High:Economics | Pdf AltPdf | |
| Verizon | 2010 | 2010 Data Breach Investigations Report | Industry Report | Low:Technology |
Subcategories: