Managing Information Risk and the Economics of Security (eBook)
XIV, 347 pages
Springer US (publisher)
978-0-387-09762-6 (ISBN)
Security has been a human concern since the dawn of time. With the rise of the digital society, information security has rapidly grown into an area of serious study and ongoing research. While much research has focused on the technical aspects of computer security, far less attention has been given to the management issues of information risk and the economic concerns facing firms and nations. Managing Information Risk and the Economics of Security provides leading-edge thinking on the security issues facing managers, policy makers, and individuals. Many of the chapters of this volume were presented and debated at the 2008 Workshop on the Economics of Information Security (WEIS), hosted by the Tuck School of Business at Dartmouth College. Sponsored by Tuck's Center for Digital Strategies and the Institute for Information Infrastructure Protection (I3P), the conference brought together over one hundred information security experts, researchers, academics, reporters, corporate executives, government officials, cyber crime investigators and prosecutors. The group represented the global nature of information security with participants from China, Italy, Germany, Canada, Australia, Denmark, Japan, Sweden, Switzerland, the United Kingdom and the US. This volume would not be possible without the dedicated work of Xia Zhao (of Dartmouth College and now the University of North Carolina, Greensboro), who acted as the technical editor.
Preface 7
Table of Contents 9
Managing Information Risk and the Economics of Security 15
1 Introduction 15
2 Communicating Security – The Role of Media 16
3 Investigating and Prosecuting Cybercrime 20
4 CISO Perspective – Evaluating and Communicating Information Risk 22
5 Overview of Book 28
References 29
Nonbanks and Risk in Retail Payments: EU and U.S. 31
1 Introduction 31
2 Nonbanks in Retail Payment Systems 32
3 Risks in Retail Payments Processing 47
4 Impact of Nonbanks on Risk 56
5 Conclusions and Closing Remarks 63
Acknowledgments 65
References 65
Security Economics and European Policy 68
1 Introduction 68
2 Information Asymmetries 72
3 Externalities 76
4 Liability Assignment 79
5 Dealing with the Lack of Diversity 86
6 Fragmentation of Legislation and Law Enforcement 88
7 Security Research and Legislation 89
8 Conclusions 90
Acknowledgments 91
References 91
BORIS – Business ORiented management of Information Security 94
1 Introduction 94
2 BORIS design 97
3 Evaluation 107
4 Conclusion and Outlook 108
References 109
Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model 111
1 Introduction 111
2 The Two Reductions 112
3 Productivity Space of Information Security 114
4 Implications and Limitations 122
5 Concluding Remarks 128
Acknowledgments 128
References 129
Appendix 130
Communicating the Economic Value of Security Investments: Value at Security Risk 132
1 Introduction and Problem Situation 132
2 Background and Preliminaries 134
3 Problem Formulations: Value-at-Risk 135
4 Value-at-Security Risk Model: Assumptions 135
5 Our Parametric Model 136
7 Analysis of Authentic Data: Model Evaluation 142
8 Comments and Conclusions: Present and Future Work 149
References 150
Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security 152
1 Introduction 152
2 The Central Bank Problem and Information Security 154
3 An Empirical Study 156
4 The Conceptual Model 158
5 An Executable Model 166
6 The Experimental Space 168
7 Conclusions and Directions 172
Acknowledgments 173
References 173
The Value of Escalation and Incentives in Managing Information Access 175
1 Introduction 175
2 Background and Solution Framework 177
3 Literature Review 180
4 Economic Modeling of an Information Governance System 180
5 Overview of Insights and Results 182
6 Conclusion 185
References 186
Reinterpreting the Disclosure Debate for Web Infections 188
1 Introduction 188
2 Attack Trends 190
3 Market Failure: Consumer Webmasters and Mid-Tier Web Hosts 195
4 Vulnerability Disclosure 197
5 Methods for Identifying Most-Infected Web Hosts 199
6 Web Host Infection Results 200
7 Recommendations 203
8 Conclusion 205
Acknowledgments 205
References 205
The Impact of Incentives on Notice and Take-down 207
1 Introduction 207
2 Defamation 208
3 Copyright Violations 210
4 Child Sexual Abuse Images 211
5 Phishing 213
6 Fraudulent Websites 219
7 Spam, Malware and Viruses 224
8 Comparing Take-down Effectiveness 225
9 Conclusion 229
Acknowledgments 230
References 230
Studying Malicious Websites and the Underground Economy on the Chinese Web 232
1 Introduction 232
2 Related Work 234
3 Underground Economy Model 235
4 Mechanisms Behind Malicious Websites on the Chinese Web 239
5 Measurements and Results 245
6 Conclusions 250
Acknowledgments 251
References 251
Botnet Economics: Uncertainty Matters 252
1 Introduction 252
2 Background and Related Work 254
3 The Benchmark Model 256
4 Optimization Model With Virtual Machines 260
5 Further Discussion and Case Study 266
6 Conclusion and Future Work 273
References 274
Publication date (per publisher) | 5.4.2009 |
---|---|
Additional info | XIV, 347 p. 20 illus. |
Place of publication | New York |
Language | English |
Subject area | Computer Science ► Networks ► Security / Firewall |
 | Computer Science ► Theory / Studies ► Cryptology |
 | Natural Sciences |
 | Social Sciences ► Politics / Administration |
 | Business ► Business Administration / Management ► Corporate Governance / Management |
 | Business ► Economics ► Economic Policy |
Keywords | business • currentsmp • Economics • Information • Johnson • Management • Risk • security |
ISBN-10 | 0-387-09762-7 / 0387097627 |
ISBN-13 | 978-0-387-09762-6 / 9780387097626 |
Size: 7.1 MB
DRM: Digital watermark
This eBook contains a digital watermark and is therefore personalized for you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for specialist books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Online reading
In addition to downloading it, you can also read this eBook online in your web browser.
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfill eBook orders from other countries.