793,076 research outputs found
The economics of user effort in information security
A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one.1 It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down
Survey on economics of information security
Economics of information security has recently become a rapidly growing field of research that is vitally important for managing the decisions and behaviors in cyberspace security. This field provides valuable insights not only for security experts, but also for policy makers, business managers, economists and psychologists.In this paper, we are going to discuss the emergence and evolution of economics of information security; where it came from, where it is today and its future directions. Research conducted for this survey explores the literature on economic issues in information security and review the advantages, drawbacks, and future research directions to set the scene that the assessment and analysis of the economics of information security publications followed it. Furthermore, we provide a structured discussion and overview of selected sets of works and highlight the models and theories in this field by organizing the presented works into six main categories namely information security investment, trust and privacy, network security, malicious program and malware economics, penetration testing and digital forensics and software security. Additionally, this survey aims to familiarize readers with major areas of this field already in hand to indicate the gaps and overlooked issues in the economics of security
Modelling the costs and benefits of Honeynets
For many IT-security measures exact costs and benefits are not known. This
makes it difficult to allocate resources optimally to different security
measures. We present a model for costs and benefits of so called Honeynets.
This can foster informed reasoning about the deployment of honeynet technology.Comment: was presented at the "Third Annual Workshop on Economics and
Information Security" 2004 (WEIS04
Ethical guidelines for nudging in information security & privacy
There has recently been an upsurge of interest in the deployment of behavioural economics techniques in the information security and privacy domain. In this paper, we consider first the nature of one particular intervention, the nudge, and the way it exercises its influence. We contemplate the ethical ramifications of nudging, in its broadest sense, deriving general principles for ethical nudging from the literature. We extrapolate these principles to the deployment of nudging in information security and privacy. We explain how researchers can use these guidelines to ensure that they satisfy the ethical requirements during nudge trials in information security and privacy. Our guidelines also provide guidance to ethics review boards that are required to evaluate nudge-related research
Hospital Bed Capacity in Nevada Counties
This Fact Sheet shows data on hospital bed capacity within Nevada’s 17 counties, as originally published by High Country News on March 19, 2020. The original data source includes maps and charts compiled by Megan Lawson of Headwater Economics. The data include information from the Department of Homeland Security and the Department of Commerce
Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory
- …