Making the best use of cybersecurity economic models

IEEE Security and Privacy

Volumn 7, Issue 4, 2009, Pages 52-60

  Rue, Rachel ^a   Pfleeger, Shari Lawrence ^a  

^a RAND CORPORATION   (United States)

Author keywords

Cybersecurity; Economic models; Security and privacy; Security function; Vulnerability

Indexed keywords

CYBERSECURITY; ECONOMIC MODELS; SECURITY AND PRIVACY; SECURITY FUNCTION; VULNERABILITY;

ECONOMICS; MATHEMATICAL MODELS; PLANNING; PROFITABILITY; RESOURCE ALLOCATION; SYSTEMS ENGINEERING;

SECURITY OF DATA;

EID: 67649673141     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2009.98     Document Type: Article

References (13)

1. R. Rue, S.L. Pfleeger, and D. Ortiz, "A Framework for 1. Classifying and Comparing Models of Cyber Security Investment to Support Policy and Decision-Making," Proc. WEIS 2007, 2007; http://weis2007.econinfosec. org/papers/76.pdf.
2. S.L. Pfleeger and R. Rue, "Cybersecurity Economic 2. Issues: Clearing the Path to Good Practice," IEEE Software, vol.25, no.1, 2008, pp. 35-42.
3. P. Honeyman, G.A. Schwartz, and A. Van Assche, 3. "Interdependence of Reliability and Security," Proc. WEIS 2007, 2007; http://weis2007. econinfosec.org/ papers/71.pdf.
4. V. Kumar, R. Telang and T. Mukhopadhyay, "Opti- 4. mally Securing Interconnected Information Systems and Assets," Proc. WEIS 2007, 2007; http://weis2007. econinfosec.org/papers/64.pdf.
5. D.J. Clark and K.A. Konrad, "Asymmetric Conflict: 5. Weakest Link against Best Shot," J. Conflict Resolution, vol.51, no.3, 2007, pp. 457-468; http://jcr.sagepub. com/cgi/content/abstract/51/3/457.
6. H. Cavusoglu, B. Mishra, and S. Raghunathan, "A 6. Model for Evaluating IT Security Investments," Comm. ACM, vol.47, no.7, 2004; http://info.freeman.tulane. edu/huseyin/paper/investment.pdf.
7. R. Adkins, "An Insurance-Style Model for Deter- 7. mining the Appropriate Investment Level against Maximum Loss Arising from an Information Security Breach," Proc. WEIS 2004, 2004; www.dtc.umn.edu/ weis2004/adkins.pdf.
8. R. Brady, R. Anderson, and R.C. Ball, 8. Murphy's Law, the Fitness of Evolving Species, and the Limits of Software Reliability, tech. report 471, Cambridge Univ. Computer Lab., 1999; www.cl.cam.ac.uk/techreports/UCAMCL- TR-471.pdf .
9. K. Hausken, 9. Returns to Information Security Investment: The Effect of Alternative Information Security Breach Functions on Optimal Investment and Sensitivity to Vulnerability, Springer Science + Business Media, 2006; www. springerlink.com/content/92rph61467758553/.
10. A. Ozment, "Improving Vulnerability Discovery Mod- 10. els," Proc. 2007 ACM Workshop on Quality of Protection, ACM Press, 2007, pp. 6-11; http://portal.acm.org/ citation.cfm?id=1314257.1314261.
11. E. Nakashima, "Bush Order Expands Network Moni- 11. toring," The Washington Post, 26 Jan. 2008, p. A03.
12. P.S. Antón et al., 12. Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology, RAND report MR-1601
13. RAND Corp., 2004; www.rand.org/pubs/monograph-reports/MR1601/.