Title :
The iterated weakest link
Author :
Bohme, Rainer ; Moore, Tyler
Author_Institution :
Int. Comput. Sci. Inst., Berkeley, CA, USA
Abstract :
Security breaches are in the news almost daily, each bigger and more costly than the last. We believe an iterated weakest-link model accurately captures the challenges of many information security threats today. Our findings suggest a need to reassess conclusions that condemn seemingly lax security practices found in the media. Our model can assist policy makers in reducing negative externalities as consequences (not causes) of insecurity by better predicting situations that hinder proactive investment. The model also helps identify influential factors-notably, uncertainty about attacks-so that firms and managers can derive incentive based countermeasures.
Keywords :
security of data; information security; iterated weakest-link model; proactive investment; security breaches; Information security; Investments; Predictive models; Uncertainty; ROSI; economics; optimal security investment under uncertainty; security;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2010.51
