June 01, 2004

Economics of Information Security

Alex has an interesting post pointing to a collection of links Ross Anderson has on Economics and Security.

I've read most of the information there before, and the real gem within that entire page is the link to a paper Ross wrote on Why Information Security is Hard - An Economic Perspective. It was one of the first papers dedicated to information security which really touched on the heart of the matter. If you haven't had a chance, you might consider reading it. It applies economic analysis to explain a number of phenomena that security researchers had previously found to be pervasive but perplexing.

Happy reading!

Posted by SilverStr at June 1, 2004 07:40 AM
Comments

The article is far too long to read right now, but could it be condensed down to "MS has a monopoly and it's not like they are going to lose lots of money unless they tighten security, so why should they bother?"

That's how I see it. They have to give it lip service, and seem to be making an honest effort to try to make things more secure, but it's not their top priority (#1 = marketing and evangelising IMHO).

Posted by: Arcterex at June 1, 2004 09:49 AM

Lots of fine print so I only quickly scanned through it. The quote that jumped out to me was:

"Still, the effort required of the attacker is still much less than that needed for effective defense."

Which is what it all comes down to.

Posted by: Wim at June 1, 2004 11:56 PM