Reference no: EM131411089
Module- Case: SECURITY VIA TECHNOLOGY
1. Revisit Bruce Schneier's presentation in Module 2. This time, please focus on his discussions on cost/benefit analysis.
Schneier, B. (2008). What are the implications of spying? CCTV interview with Bruce Schneier. Retrieved from https://www.youtube.com/watch?v=Ar67N94NYr0
If you don't have access to the presentation, then simply read his article mentioned in Module 2. The article is:
Schneier, Bruce. The Psychology of Security. http://www.schneier.com/essay-155.html
The following article provides an example how such a cost/benefit analysis is considered.
Schneier, Bruce. Security at What Cost? National ID System Is Not Worth The $23 Billion Price Tag. http://www.schneier.com/essay-207.html.
The following article uses some typical accounting measurements for economics of information security.
Gordon, L. A., & Richardson, R. (2004). The New Economics of Information Security. Optimize. April, 83-86. (Trident Online Library: ProQuest)
The following article recaps what we talked about perceptions of security. More importantly, it discusses how people generally do not perceive gains and costs equally. When you conduct a cost/benefit analysis of security, you should keep that in mind.
West, R. (2008). The psychology of security. Communications of the ACM, Apr, 51(4), 34-40.
2. Incentive Design
The economics of information security is not only about cost/benefit analysis of implementing a security measure. Another major topic in economics is mechanism design, which provides principles and methods (like game theory) to help design incentive-compatible mechanisms that ensure participants are better off behaving honestly than dishonestly. See the following article to get a peek:
The Economist. (2007) Intelligent Design. Oct 18th, 2007. http://www.economist.com/finance/displaystory.cfm?story_id=9988840
To know more about the three Nobel Prize winners in 2007 economics division, surf http://nobelprize.org/nobel_prizes/economics/laureates/2007/ and check them out.
It is not easy to understand the revelation principle or the incentive-compatible design. I introduce you the concepts here for the purpose of making you aware of such a method. It takes time to learn how to design a game (a mechanism) that every party is better off by being honest.
Well, on a lighter note. Interestingly, a movie called "Mad Money" tells a story of three female employees of the Federal Reserve Bank stealing money that is about to be shredded. It is not a movie that I recommend to watch a second time, but it is entertaining enough to watch once. The movie is also a fit for the educational purpose here. I suggest you watch it once when you get a chance during this term, and pay special attention to the human factors -- especially the incentives of the thieves and the Chief Security Officer.
3. Other Economics Issues as to Security
As a matter of fact, there are many aspects in applying economics to information security. The following article has mentioned a list of authors that research economics of information security and provided a brief overview of their research:
Anderson R. and Schneier B., (2005) Economics of Information Security, IEEE Security and Privacy 3 (1), 2005, pp. 12-13. (Retrieved May 19, 2008).
To know more in depth, you can choose to view the video (optional):
Simonyi Konferencia 2011 - Economics of Information Security and Privacy. Retrieved from http://www.youtube.com/watch?v=fSfH80DY6S4
You are probably overwhelmed now with all these economics. I hope you also have broadened your views on security and have said "wow" to yourself that now you hold a much broader view on security and how to approach it from economic perspective.
Please write a 4- to 6-page paper discussing what you have learned:
What are the economic considerations of information security and its management?
In preparing your paper, you need to discuss the following issues, and support with arguments and evidence:
• What are the major economic considerations in information security and management?
• Are these economic considerations serving their purposes?
• Why do these economic measures help?
• Discuss economic mechanisms that can improve information security and management.
• Provide a comparative table of the economic measures that you discussed.
Length: Minimum 4-6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200-1,800 words).