Abstract

Few things in society and everyday life have changed in the last 10 years as much as the concept of security. From bank robberies to wars, what used to imply a great deal of violence is now silently happening on the Internet. Perhaps more strikingly, the very idea of privacy – a concept closely related to that of individual freedom – is undergoing such a profound revolution that people are suddenly unable to make rational and informed decisions: we protested over the introduction of RFID tags (Kelly and Erickson, 2005; Lee and Kim, 2006) and now we throw away en masse most of our private information by subscribing to services (social media, free apps, cloud services) whose reason for existence is the commerce of intimate personal data. The ICT revolution has changed the game, and the security paradigms that were suitable for people and systems just up to 10 years ago are now obsolete. It looks like we do not know what to replace them with. As of today, we keep patching systems but we do not understand how to make them reasonably secure (Rice, 2007); perhaps more importantly, we do not understand what reasonable privacy guarantees are for human beings, let alone how to enforce them. We do not understand how to combine accountability and freedom in this new world, in which firewalls and digital perimeters can no longer guarantee security and privacy. We believe that the root of the challenge that we face is understanding security and how information technology can enable and support such an understanding. And just as security is a broad, multidisciplinary topic covering technical as well as non-technical issues, the challenge of understanding security is a multifaceted one, spanning a myriad of noteworthy topics. Here, we mention just three that we consider particularly important.

Highlights

  • Few things in society and everyday life have changed in the last 10 years as much as the concept of security

  • The challenge for us remains to be able to quantify what is the value of cybersecurity; in particular, the challenge is to develop novel IT-risk assessment methods to support a person in making decisions regarding the security and privacy measures to be taken

  • The research community is becoming aware of the urgency of such methods, and we can find forums like Workshop on the Economics of Information Security (WEIS), that aim to bring together researchers and practitioners in order to advance the states of the art and practice in the evaluation of security


Summary

Introduction

Few things in society and everyday life have changed in the last 10 years as much as the concept of security. Just as security is a broad, multidisciplinary topic covering technical as well as non-technical issues, the challenge of understanding security is a multifaceted one, spanning a myriad of noteworthy topics. We believe it will stay so for many years, leaving us in the hands of security technology, which is clearly not able to cope with the complexity of today’s attacks.
