• DocumentCode
    2360034
  • Title
    Why information security is hard - an economic perspective
  • Author
    Anderson, Ross
  • Author_Institution
    Comput. Lab., Cambridge Univ., UK
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    358
  • Lastpage
    365
  • Abstract
    According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
  • Keywords
    economics; security of data; adverse selection; asymmetric information; information security; liability dumping; moral hazard; network externalities; Access control; Computer crime; Computer security; Cryptographic protocols; Ethics; Floods; Information security; Laboratories; Microeconomics; Protection
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type
    conf
  • DOI
    10.1109/ACSAC.2001.991552
  • Filename
    991552