Authored by Professor Ross Anderson, Why Information Security is Hard applies an economic analysis to explain the many vulnerabilities within the field of information security.
- "According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved.
- In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons."
- From the abstract of Ross Anderson's Why Information Security is Hard
External Links
- A PDF copy of Why Information Security is Hard
- Ross Anderson's website
- It's the Economy, Stupid from WIRED Magazine (http://www.wired.com/news/columns/0,71264-0.html)