A thriving new field of information security economics provides valuable insights not just into ‘security’
topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and
policy. This research programme has recently started to interact with psychology. One thread is in
response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into
giving their credentials to bogus websites; a second is through the increasing importance of security
usability; and a third comes through the psychology-and-economics tradition. The promise of this
multidisciplinary research programme is a novel framework for analyzing information security
problems—one that is both principled and effective.