security expenditure and expected returns result in positive growth. In this paper we have rigorously assessed security expenditure and its expected returns, and conclude that a rational choice in the selection of security controls is important. Before we invest our valuable resources in protecting information assets, it is vital to address concerns such as the importance of the information or resource being protected, the potential impact if security is breached, the skills and resources of the attacker, and the controls available to implement the security. The value at stake is not the capital, but rather the expected return on capital. In any event, security expenditure fails where it costs more than it is expected to save [14]. This paper validates reasons why the cost to vendors in share price [13] and reputational losses exceeds the perceived gains from technical reasons where the fix might break existing applications.
References
[1] Ben-Itzhak, Y.: Organised cybercrime and payment cards. Card Technology Today 21(2), 10-11 (2009)
[2] Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Proceedings of the Conference on The Future of Software Engineering. ACM, Limerick (2002)
[3] DShield (2006-2010), http://www.dshield.org
[4] Hahn, R.W., Layne-Farrar, A.: The Law and Economics of Software Security, p. 283. Harv. J.L. & Pub. Pol'y (2007)
[5] Jaziar, R.: Understanding Hidden Information Security Threats: The Vulnerability Black Market. Paper presented at the 40th Annual Hawaii International Conference on System Sciences HICSS (2007)
[6] Peisert, S., Bishop, M.: How to Design Computer Security Experiments. In: WG 11.8 International Federation of Information Processing. Springer, Boston (2007)
[7] Scott, M.D.: Tort Liability for Vendors of Insecure Software: Has the Time Finally Come. Md. L. Rev. 67(425) (2007-2008)
[8] Skyrms, B.: The Stag Hunt and the Evolution of Social Structure. Cambridge University Press, Cambridge (2004)
[9] Stolpe, M.: Protection Against Software Piracy: A Study Of Technology Adoption For The Enforcement Of Intellectual Property Rights. Economics of Innovation and New Technology 9(1), 25-52 (2000)
[10] White, D.S.D.: Limiting Vulnerability Exposure through effective Patch Management: threat mitigation through vulnerability remediation. Master of Science Thesis, Department of Computer Science, Rhodes University (2006)
[11] Kolstad, C.D., Mathiesen, L.: Computing Cournot-Nash Equilibria. Operations Research 39, 739-748 (1991)
[12] Kurz, M., Hart, S.: Pareto-Optimal Nash Equilibria Are Competitive in a Repeated Economy. Journal of Economic Theory 28, 320-346 (1982)
[13] Arora, A., Telang, R.: Economics of Software Vulnerability Disclosure. IEEE Security and Privacy 3(1), 20-22 (2005)
[14] Bacon, D.F., Chen, Y., Parkes, D., Rao, M.: A market-based approach to software evolution. Paper presented at the Proceeding of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications (2009)
[15] Cavusoglu, H., Cavusoglu, H., Zhang, J.: Economics of Security Patch Management. In: The Fifth Workshop on the Economics of Information Security, WEIS 2006 (2006)