Difference between revisions of "Why Information Security is Hard"

From Cybersecurity Wiki
Line 3: Line 3:
 
==Full Citation==
 
==Full Citation==
  
Ross Anderson, ''Why Information Security is Hard -- An Economic Perspective'', 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Computer Society, Decembe, 2001. [http://www.acsac.org/2001/papers/110.pdf  ''Web''] [http://www.cl.cam.ac.uk/~rja14/Papers/econ.pdf ''AltUrl'']
+
Ross Anderson, ''Why Information Security is Hard -- An Economic Perspective'', 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Computer Society, December, 2001. [http://www.acsac.org/2001/papers/110.pdf  ''Web''] [http://www.cl.cam.ac.uk/~rja14/Papers/econ.pdf ''AltUrl'']
  
 
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Anderson_R:2001&f=wikibiblio.bib ''BibTeX'']
 
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=Anderson_R:2001&f=wikibiblio.bib ''BibTeX'']

Revision as of 11:33, 28 May 2010

Why Information Security is Hard -- An Economic Perspective

Full Citation

Ross Anderson, Why Information Security is Hard -- An Economic Perspective, 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Computer Society, December, 2001. Web AltUrl

BibTeX

Categorization

Issues: Economics of Cybersecurity

Key Words

See the article itself for any key words as a starting point

Synopsis

According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.

Additional Notes and Highlights

* Outline key points of interest