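% Conference paper in the FC 2009 post-proceedings volume (see the note field).
% Typed as @inproceedings rather than @inbook: the standard classic BibTeX
% styles do not print booktitle for @inbook and warn when author and editor are
% both present, so the proceedings title and editors would be lost or flagged.
% The former number field repeated the volume value (5628); only volume is kept,
% because the standard styles warn when volume and number are both set.
% Names use the unambiguous "Last, First" form; the citation key is unchanged.
@inproceedings{de951e2a8e054361881cfdd2c03ab6ec,
  author    = {Ioannidis, Christos and Pym, David and Williams, Julian},
  title     = {Investments and Trade-offs in the Economics of Information Security},
  editor    = {Dingledine, Roger and Golle, Philippe},
  booktitle = {Financial Cryptography and Data Security},
  series    = {Security and Cryptology (Lecture Notes in Computer Science)},
  volume    = {5628},
  pages     = {148--166},
  publisher = {Springer-Verlag},
  year      = {2009},
  month     = jul,
  day       = {28},
  note      = {Revised selected papers, 13th International Conference on Financial Cryptography and Data Security, FC 2009, held in Accra Beach, Barbados, in February 2009.},
  doi       = {10.1007/978-3-642-03549-4_9},
  isbn      = {3642035485},
  language  = {English},
  keywords  = {Loss function, capital stock, Information Security, Security breach, Quadratic loss function},
  abstract  = {We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to categorize and compare the responses to shocks of various types of organizations. We derive the system's stability conditions and find that they admit a wide choice of parameters. We examine the system's responses to the same shock in confidentiality under different parameter constellations that correspond to various types of organizations. Our analysis illustrates that the response to investments in information security will be uniform in neither size nor time evolution.},
}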