Title :
Why information security is hard - an economic perspective
Author_Institution :
Comput. Lab., Cambridge Univ., UK
Abstract :
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
Keywords :
economics; security of data; adverse selection; asymmetric information; information security; liability dumping; moral hazard; network externalities; Access control; Computer crime; Computer security; Cryptographic protocols; Ethics; Floods; Information security; Laboratories; Microeconomics; Protection;
Conference_Titel :
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN :
0-7695-1405-7
DOI :
10.1109/ACSAC.2001.991552
