Difference between revisions of "Making the Best Use of Cybersecurity Economic Models"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 9: Line 9:
Issues: [[Metrics]], [[Risk management and investment]]
Issues: [[Metrics]]; [[Risk management and investment]]
==Key Words==  
==Key Words==  
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Risk_Modeling risk modeling]
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Risk_Modeling Risk Modeling]

Revision as of 14:59, 17 June 2010

Full Title of Reference

Full Citation

Rachel Rue and Shari Lawrence Pfleeger, Making the Best Use of Cybersecurity Economic Models, 7 IEEE Security and Privacy 4 (2009). Purchase



Issues: Metrics; Risk management and investment

Key Words

Risk Modeling


This article describes an analysis of several representative cybersecurity economic models, where the authors seek to determine whether each model's underlying assumptions are realistic and useful. They find that many of the assumptions are the same across disparate models, and most assumptions are far from realistic. They recommend several changes so that the predictions from economic models can be more relevant and useful.

Additional Notes and Highlights

Both authors are from RAND corporation. Their article provides a useful overview of the main models for modeling cybersecurity risks, as well as a stimulating critical approach to these models.