Loading [a11y]/accessibility-menu.js
Why information security is hard - an economic perspective | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >Seventeenth Annual Computer S...

Why information security is hard - an economic perspective

PDF
R. Anderson
All Authors

Abstract:

According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, ...Show More

Metadata

Abstract:

According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
Published in: Seventeenth Annual Computer Security Applications Conference
Date of Conference: 10-14 December 2001
Date Added to IEEE Xplore: 07 August 2002
Print ISBN:0-7695-1405-7
DOI: 10.1109/ACSAC.2001.991552
Conference Location: New Orleans, LA, USA
Contents

1 Introduction

In a survey of fraud against autoteller machines [4], it was found that patterns of fraud depended on who was liable for them. In the USA, if a customer disputed a transaction, the onus was on the bank to prove that the customer was mistaken or lying; this gave US banks a motive to protect their systems properly. But in Britain, Norway and the Netherlands, the burden of proof lay on the customer: the bank was right unless the customer could prove it wrong. Since this was almost impossible, the banks in these countries became careless. Eventually, epidemics of fraud demolished their complacency. US banks, meanwhile, suffered much less fraud; although they actually spent less money on security than their European counter-parts, they spent it more effectively [4].

Contact IEEE to Subscribe
More Like This
Information Security Threats and Access Control Practices in Norwegian Businesses

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

Published: 2007

Building an Active Computer Security Ethics Community

IEEE Security & Privacy

Published: 2011

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.