Why information security is hard - an economic perspective
Citations
1,017 citations
855 citations
737 citations
Cites background or methods from "Why information security is hard - ..."
...are building their market position; later, once they have captured a lucrative market, they add excessive security in order to lock their customers in tightly [6]....
[...]
...prevented. Although vendors are capable of creating more secure software, the economics of the software industry provide them with little incentive to do so [6]....
[...]
...lemons’ [6]. In a Nobel prizewinning work, economist George Akerlof employed the used car market as a metaphor for a market with asymmetric information [16]....
[...]
686 citations
Cites background from "Why information security is hard - ..."
...Recent conceptual/theoretical studies by Anderson [2] and Gordon and Loeb [20] provide insights into the economics of information security, but do not investigate the actual magnitude of losses associated with information security breaches....
[...]
543 citations
References
17,764 citations
"Why information security is hard - ..." refers background in this paper
...Infosec people frequently complain about this in many markets for the products and components we use; the above insight, due to Akerlof [1], explains why it happens....
[...]
2,210 citations
2,047 citations
"Why information security is hard - ..." refers background in this paper
...In fact, one of the main results of network economic theory is that the net present value of the customer base should equal the total costs of their switching their business to a competitor [19]....
[...]
1,852 citations
"Why information security is hard - ..." refers background in this paper
...In mobile phones, much of the profit is made on batteries, and authentication can be used to spot competitors’ products so they can be drained more quickly [3]....
[...]
...Some examples are documented in my book, Security Engineering [3]....
[...]
[...]
1,307 citations
"Why information security is hard - ..." refers methods in this paper
...I got useful comments on early drafts of some of this material from Avi Rubin, Hal Finney, Jack Lang, Andrew Odlyzko and Hal Varian....
[...]
...A good introduction to network economics is by Shapiro and Varian [17]....
[...]
...Varian pointed out that this was also a case of incentive failure [20]....
[...]
...A typical tenth-century Saxon village had community mechanisms to deal with this problem; the world of computer security still doesn’t. Varian’s proposal is that the costs of distributed denial-of-service attacks should fall on the operators of the networks from which the flooding traffic originates; they can then exert pressure on their users to install suitable defensive software, or, for that matter, supply it themselves as part of the subscription package....
[...]