Sciweavers

Share
ACSAC
2001
IEEE

Why Information Security is Hard-An Economic Perspective

10 years 6 months ago
Why Information Security is Hard-An Economic Perspective
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
Ross J. Anderson
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC
Authors Ross J. Anderson
Comments (0)
books