Abstract
Should public policy-makers set minimum levels of behaviour for individuals
and corporations regarding information security policies and investments?
We consider a model in which a finite number of targets are at risk of attack, attacks
are costly, and have a finite probability of success. One important innovation is an
explicit model of the decisions of potential attackers on whether to mount attacks.
The model shows how the behaviour of attackers and the nature of the technological
environment can create a role for a policy-maker to coordinate optimal minimum
levels of protective expenditure for firms.
Original language | English |
---|---|
Place of Publication | Aberdeen |
Publisher | University of Aberdeen |
Pages | 1-23 |
Number of pages | 23 |
Publication status | Published - 2013 |