The Need for Public Policy Interventions in Information Security

David Pym, Joe Swierzbinski, Julian Williams

Research output: Working paper

1 Downloads (Pure)

Abstract

Should public policy-makers set minimum levels of behaviour for individuals
and corporations regarding information security policies and investments?
We consider a model in which a finite number of targets are at risk of attack, attacks
are costly, and have a finite probability of success. One important innovation is an
explicit model of the decisions of potential attackers on whether to mount attacks.
The model shows how the behaviour of attackers and the nature of the technological
environment can create a role for a policy-maker to coordinate optimal minimum
levels of protective expenditure for firms.
Original languageEnglish
Place of PublicationAberdeen
PublisherUniversity of Aberdeen
Pages1-23
Number of pages23
Publication statusPublished - 2013

Fingerprint

Information security
Public policy
Policy intervention
Politicians
Attack
Security policy
Innovation
Expenditure

Cite this

Pym, D., Swierzbinski, J., & Williams, J. (2013). The Need for Public Policy Interventions in Information Security. (pp. 1-23). Aberdeen: University of Aberdeen.

The Need for Public Policy Interventions in Information Security. / Pym, David; Swierzbinski, Joe; Williams, Julian.

Aberdeen : University of Aberdeen, 2013. p. 1-23.

Research output: Working paper

Pym, D, Swierzbinski, J & Williams, J 2013 'The Need for Public Policy Interventions in Information Security' University of Aberdeen, Aberdeen, pp. 1-23.
Pym D, Swierzbinski J, Williams J. The Need for Public Policy Interventions in Information Security. Aberdeen: University of Aberdeen. 2013, p. 1-23.
Pym, David ; Swierzbinski, Joe ; Williams, Julian. / The Need for Public Policy Interventions in Information Security. Aberdeen : University of Aberdeen, 2013. pp. 1-23
@techreport{405f36f50aba4c99965b1d2e99b69311,
title = "The Need for Public Policy Interventions in Information Security",
abstract = "Should public policy-makers set minimum levels of behaviour for individualsand corporations regarding information security policies and investments?We consider a model in which a finite number of targets are at risk of attack, attacksare costly, and have a finite probability of success. One important innovation is anexplicit model of the decisions of potential attackers on whether to mount attacks.The model shows how the behaviour of attackers and the nature of the technologicalenvironment can create a role for a policy-maker to coordinate optimal minimumlevels of protective expenditure for firms.",
author = "David Pym and Joe Swierzbinski and Julian Williams",
year = "2013",
language = "English",
pages = "1--23",
publisher = "University of Aberdeen",
type = "WorkingPaper",
institution = "University of Aberdeen",

}

TY - UNPB

T1 - The Need for Public Policy Interventions in Information Security

AU - Pym, David

AU - Swierzbinski, Joe

AU - Williams, Julian

PY - 2013

Y1 - 2013

N2 - Should public policy-makers set minimum levels of behaviour for individualsand corporations regarding information security policies and investments?We consider a model in which a finite number of targets are at risk of attack, attacksare costly, and have a finite probability of success. One important innovation is anexplicit model of the decisions of potential attackers on whether to mount attacks.The model shows how the behaviour of attackers and the nature of the technologicalenvironment can create a role for a policy-maker to coordinate optimal minimumlevels of protective expenditure for firms.

AB - Should public policy-makers set minimum levels of behaviour for individualsand corporations regarding information security policies and investments?We consider a model in which a finite number of targets are at risk of attack, attacksare costly, and have a finite probability of success. One important innovation is anexplicit model of the decisions of potential attackers on whether to mount attacks.The model shows how the behaviour of attackers and the nature of the technologicalenvironment can create a role for a policy-maker to coordinate optimal minimumlevels of protective expenditure for firms.

M3 - Working paper

SP - 1

EP - 23

BT - The Need for Public Policy Interventions in Information Security

PB - University of Aberdeen

CY - Aberdeen

ER -