Investments and Trade-offs in the Economics of Information Security

Christos Ioannidis, David Pym, Julian Williams

Research output: Chapter in Book/Report/Conference proceedingChapter

20 Citations (Scopus)

Abstract

We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.
Original languageEnglish
Title of host publicationFinancial Cryptography and Data Security
Subtitle of host publication13th International Conference, FC 2009, Revised Selected Papers
EditorsRoger Dingledine, Philippe Golle
Place of PublicationHeidelberg, Germany
PublisherSpringer-Verlag
Pages148-166
Number of pages19
Volume5628
ISBN (Electronic)978-3642035487
ISBN (Print)3642035485, 978-3642035487
DOIs
Publication statusPublished - 28 Jul 2009

Publication series

NameSecurity and Cryptology (Lecture Notes in Computer Science)
PublisherSpringer-Verlag
Number5628
ISSN (Print)0302-9743

Keywords

  • Loss function
  • capital stock
  • Information Security
  • Security breach
  • Quadratic loss function

Fingerprint Dive into the research topics of 'Investments and Trade-offs in the Economics of Information Security'. Together they form a unique fingerprint.

  • Cite this

    Ioannidis, C., Pym, D., & Williams, J. (2009). Investments and Trade-offs in the Economics of Information Security. In R. Dingledine, & P. Golle (Eds.), Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers (Vol. 5628, pp. 148-166). (Security and Cryptology (Lecture Notes in Computer Science); No. 5628). Springer-Verlag. https://doi.org/10.1007/978-3-642-03549-4_9