Investments and Trade-offs in the Economics of Information Security

Christos Ioannidis; David Pym; Julian Williams

doi:10.1007/978-3-642-03549-4_9

Investments and Trade-offs in the Economics of Information Security

Christos Ioannidis, David Pym, Julian Williams

University of Bath

Research output: Chapter in Book/Report/Conference proceeding › Chapter

22 Citations (Scopus)

Abstract

We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.

Original language	English
Title of host publication	Financial Cryptography and Data Security
Subtitle of host publication	13th International Conference, FC 2009, Revised Selected Papers
Editors	Roger Dingledine, Philippe Golle
Place of Publication	Heidelberg, Germany
Publisher	Springer-Verlag
Pages	148-166
Number of pages	19
Volume	5628
ISBN (Electronic)	978-3642035487
ISBN (Print)	3642035485, 978-3642035487
DOIs	https://doi.org/10.1007/978-3-642-03549-4_9
Publication status	Published - 28 Jul 2009

Publication series

Name	Security and Cryptology (Lecture Notes in Computer Science)
Publisher	Springer-Verlag
Number	5628
ISSN (Print)	0302-9743

Bibliographical note

Revised selected papers, 13th International Conference on Financial Cryptography and Data Security, FC 2009, held in Accra Beach, Barbados, in February 2009.

Keywords

Loss function
capital stock
Information Security
Security breach
Quadratic loss function

Access to Document

10.1007/978-3-642-03549-4_9

Cite this

Ioannidis, C., Pym, D., & Williams, J. (2009). Investments and Trade-offs in the Economics of Information Security. In R. Dingledine, & P. Golle (Eds.), Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers (Vol. 5628, pp. 148-166). (Security and Cryptology (Lecture Notes in Computer Science); No. 5628). Springer-Verlag. https://doi.org/10.1007/978-3-642-03549-4_9

Investments and Trade-offs in the Economics of Information Security. / Ioannidis, Christos; Pym, David; Williams, Julian.
Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers. ed. / Roger Dingledine; Philippe Golle. Vol. 5628 Heidelberg, Germany: Springer-Verlag, 2009. p. 148-166 (Security and Cryptology (Lecture Notes in Computer Science); No. 5628).

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Ioannidis, C, Pym, D & Williams, J 2009, Investments and Trade-offs in the Economics of Information Security. in R Dingledine & P Golle (eds), Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers. vol. 5628, Security and Cryptology (Lecture Notes in Computer Science), no. 5628, Springer-Verlag, Heidelberg, Germany, pp. 148-166. https://doi.org/10.1007/978-3-642-03549-4_9

Ioannidis C, Pym D, Williams J. Investments and Trade-offs in the Economics of Information Security. In Dingledine R, Golle P, editors, Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers. Vol. 5628. Heidelberg, Germany: Springer-Verlag. 2009. p. 148-166. (Security and Cryptology (Lecture Notes in Computer Science); 5628). doi: 10.1007/978-3-642-03549-4_9

Ioannidis, Christos ; Pym, David ; Williams, Julian. / Investments and Trade-offs in the Economics of Information Security. Financial Cryptography and Data Security: 13th International Conference, FC 2009, Revised Selected Papers. editor / Roger Dingledine ; Philippe Golle. Vol. 5628 Heidelberg, Germany : Springer-Verlag, 2009. pp. 148-166 (Security and Cryptology (Lecture Notes in Computer Science); 5628).

@inbook{de951e2a8e054361881cfdd2c03ab6ec,

title = "Investments and Trade-offs in the Economics of Information Security",

abstract = "We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.",

keywords = "Loss function, capital stock, Information Security, Security breach, Quadratic loss function",

author = "Christos Ioannidis and David Pym and Julian Williams",

note = "Revised selected papers, 13th International Conference on Financial Cryptography and Data Security, FC 2009, held in Accra Beach, Barbados, in February 2009. ",

year = "2009",

month = jul,

day = "28",

doi = "10.1007/978-3-642-03549-4_9",

language = "English",

isbn = "3642035485",

volume = "5628",

series = "Security and Cryptology (Lecture Notes in Computer Science)",

publisher = "Springer-Verlag",

number = "5628",

pages = "148--166",

editor = "Roger Dingledine and Philippe Golle",

booktitle = "Financial Cryptography and Data Security",

}

TY - CHAP

T1 - Investments and Trade-offs in the Economics of Information Security

AU - Ioannidis, Christos

AU - Pym, David

AU - Williams, Julian

N1 - Revised selected papers, 13th International Conference on Financial Cryptography and Data Security, FC 2009, held in Accra Beach, Barbados, in February 2009.

PY - 2009/7/28

Y1 - 2009/7/28

N2 - We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.

AB - We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.

KW - Loss function

KW - capital stock

KW - Information Security

KW - Security breach

KW - Quadratic loss function

U2 - 10.1007/978-3-642-03549-4_9

DO - 10.1007/978-3-642-03549-4_9

M3 - Chapter

SN - 3642035485

SN - 978-3642035487

VL - 5628

T3 - Security and Cryptology (Lecture Notes in Computer Science)

SP - 148

EP - 166

BT - Financial Cryptography and Data Security

A2 - Dingledine, Roger

A2 - Golle, Philippe

PB - Springer-Verlag

CY - Heidelberg, Germany

ER -

Investments and Trade-offs in the Economics of Information Security

Abstract

Publication series

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this