Abstract
Economics can be used as a tool to explain, describe, and to a certain extent predict many forms of human behaviour. However, there is only a limited body of work on its application to information security, much of which is acknowledged as partial or incomplete. As a consequence, there is a paucity of robust explanatory or predictive models that are tuned for the peculiarities of the “cyber” challenge, either to organisations, or, at a higher level, the nation state.The effect of this is that the base arguments for information security business cases are often weak or flawed; as a result, there is an argument that both organisations and nation states will therefore tend to underinvest in information security. To improve this position, there would be benefits for information security, as a profession adopting economic models used in other areas of endeavour that historically have suffered similar problems. One potential model is full-cost accounting.However, there are a number of further implications. These include an underlining of the importance of information security professional “speaking business language”. Also highlighted is the potential value of building a common knowledge base of the true cost of security failures, akin to the actuarial bodies of knowledge used in the insurance industry, rather than the partial and imperfect measures in use today.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
