E-book, English, 347 pages
Johnson Managing Information Risk and the Economics of Security
1st edition 2009
ISBN: 978-0-387-09762-6
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark
Security has been a human concern since the dawn of time. With the rise of the digital society, information security has rapidly grown into an area of serious study and ongoing research. While much research has focused on the technical aspects of computer security, far less attention has been given to the management issues of information risk and the economic concerns facing firms and nations. Managing Information Risk and the Economics of Security provides leading-edge thinking on the security issues facing managers, policy makers, and individuals. Many of the chapters of this volume were presented and debated at the 2008 Workshop on the Economics of Information Security (WEIS), hosted by the Tuck School of Business at Dartmouth College. Sponsored by Tuck's Center for Digital Strategies and the Institute for Information Infrastructure Protection (I3P), the conference brought together over one hundred information security experts, researchers, academics, reporters, corporate executives, government officials, cyber crime investigators and prosecutors. The group represented the global nature of information security with participants from China, Italy, Germany, Canada, Australia, Denmark, Japan, Sweden, Switzerland, the United Kingdom and the US. This volume would not be possible without the dedicated work of Xia Zhao (of Dartmouth College and now the University of North Carolina, Greensboro), who acted as the technical editor.
Further information & material
1;Preface;7
2;Table of Contents;9
3;Managing Information Risk and the Economics of Security;15
3.1;1 Introduction;15
3.2;2 Communicating Security – The Role of Media;16
3.3;3 Investigating and Prosecuting Cybercrime;20
3.4;4 CISO Perspective – Evaluating and Communicating Information Risk;22
3.5;5 Overview of Book;28
3.6;References;29
4;Nonbanks and Risk in Retail Payments: EU and U.S.;31
4.1;1 Introduction;31
4.2;2 Nonbanks in Retail Payment Systems;32
4.3;3 Risks in Retail Payments Processing;47
4.4;4 Impact of Nonbanks on Risk;56
4.5;5 Conclusions and Closing Remarks;63
4.6;Acknowledgments;65
4.7;References;65
5;Security Economics and European Policy;68
5.1;1 Introduction;68
5.2;2 Information Asymmetries;72
5.3;3 Externalities;76
5.4;4 Liability Assignment;79
5.5;5 Dealing with the Lack of Diversity;86
5.6;6 Fragmentation of Legislation and Law Enforcement;88
5.7;7 Security Research and Legislation;89
5.8;8 Conclusions;90
5.9;Acknowledgments;91
5.10;References;91
6;BORIS – Business ORiented management of Information Security;94
6.1;1 Introduction;94
6.2;2 BORIS design;97
6.3;3 Evaluation;107
6.4;4 Conclusion and Outlook;108
6.5;References;109
7;Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model;111
7.1;1 Introduction;111
7.2;2 The Two Reductions;112
7.3;3 Productivity Space of Information Security;114
7.4;4 Implications and Limitations;122
7.5;5 Concluding Remarks;128
7.6;Acknowledgments;128
7.7;References;129
7.8;Appendix;130
8;Communicating the Economic Value of Security Investments: Value at Security Risk;132
8.1;1 Introduction and Problem Situation;132
8.2;2 Background and Preliminaries;134
8.3;3 Problem Formulations: Value-at-Risk;135
8.4;4 Value-at-Security Risk Model: Assumptions;135
8.5;5 Our Parametric Model;136
8.6;7 Analysis of Authentic Data: Model Evaluation;142
8.7;8 Comments and Conclusions: Present and Future Work;149
8.8;References;150
9;Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security;152
9.1;1 Introduction;152
9.2;2 The Central Bank Problem and Information Security;154
9.3;3 An Empirical Study;156
9.4;4 The Conceptual Model;158
9.5;5 An Executable Model;166
9.6;6 The Experimental Space;168
9.7;7 Conclusions and Directions;172
9.8;Acknowledgments;173
9.9;References;173
10;The Value of Escalation and Incentives in Managing Information Access;175
10.1;1 Introduction;175
10.2;2 Background and Solution Framework;177
10.3;3 Literature Review;180
10.4;4 Economic Modeling of an Information Governance System;180
10.5;5 Overview of Insights and Results;182
10.6;6 Conclusion;185
10.7;References;186
11;Reinterpreting the Disclosure Debate for Web Infections;188
11.1;1 Introduction;188
11.2;2 Attack Trends;190
11.3;3 Market Failure: Consumer Webmasters and Mid-Tier Web Hosts;195
11.4;4 Vulnerability Disclosure;197
11.5;5 Methods for Identifying Most-Infected Web Hosts;199
11.6;6 Web Host Infection Results;200
11.7;7 Recommendations;203
11.8;8 Conclusion;205
11.9;Acknowledgments;205
11.10;References;205
12;The Impact of Incentives on Notice and Take-down;207
12.1;1 Introduction;207
12.2;2 Defamation;208
12.3;3 Copyright Violations;210
12.4;4 Child Sexual Abuse Images;211
12.5;5 Phishing;213
12.6;6 Fraudulent Websites;219
12.7;7 Spam, Malware and Viruses;224
12.8;8 Comparing Take-down Effectiveness;225
12.9;9 Conclusion;229
12.10;Acknowledgments;230
12.11;References;230
13;Studying Malicious Websites and the Underground Economy on the Chinese Web;232
13.1;1 Introduction;232
13.2;2 Related Work;234
13.3;3 Underground Economy Model;235
13.4;4 Mechanisms Behind Malicious Websites on the Chinese Web;239
13.5;5 Measurements and Results;245
13.6;6 Conclusions;250
13.7;Acknowledgments;251
13.8;References;251
14;Botnet Economics: Uncertainty Matters;252
14.1;1 Introduction;252
14.2;2 Background and Related Work;254
14.3;3 The Benchmark Model;256
14.4;4 Optimization Model With Virtual Machines;260
14.5;5 Further Discussion and Case Study;266
14.6;6 Conclusion and Future Work;273
14.7;References;274




