The Need for Public Policy Interventions in Information Security

David Pym, Joe Swierzbinski, Julian Williams

Research output: Working paper

3 Downloads (Pure)

Abstract

Should public policy-makers set minimum levels of behaviour for individuals
and corporations regarding information security policies and investments?
We consider a model in which a finite number of targets are at risk of attack, attacks
are costly, and have a finite probability of success. One important innovation is an
explicit model of the decisions of potential attackers on whether to mount attacks.
The model shows how the behaviour of attackers and the nature of the technological
environment can create a role for a policy-maker to coordinate optimal minimum
levels of protective expenditure for firms.
Original languageEnglish
Place of PublicationAberdeen
PublisherUniversity of Aberdeen
Pages1-23
Number of pages23
Publication statusPublished - 2013

    Fingerprint

Cite this

Pym, D., Swierzbinski, J., & Williams, J. (2013). The Need for Public Policy Interventions in Information Security. (pp. 1-23). University of Aberdeen.