Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls

Craig Wright, Tanveer Zia

Research output: Book chapter/Published conference paper › Conference paper

Abstract

As with all aspects of business and the economy, information security is an economic function. Security can be modeled as a maintenance or insurance cost as a relative function but never in absolute terms. As such, security can be seen as a cost function that leads to the prevention of loss, but not one that can create gains (or profit). With the role of a capital investment to provide a return on investment, security is a defense against unforeseen losses that cost capital and reduce profitability. In this paper we assess the individual security cost and model our assessment in economic terms. This assessment is vital in determining the cost benefit in applying costly security controls in our systems in general and software in particular.
Original language: English
Title of host publication: Computational Intelligence in Security for Information Systems
Subtitle of host publication: Proceedings of the 4th International Conference, CISIS 2011
Editors: Álvaro Herrero, Emilio Corchado
Place of Publication: Germany
Publisher: Springer
Pages: 206-213
Number of pages: 8
Volume: 6694
ISBN (Electronic): 9783642213236
ISBN (Print): 9783642213229
Publication status: Published - 2011
Event: 4th International Conference on Computational Intelligence in Security for Information Systems: CISIS 2011 - Hotel Melia Costa del Sol, Torremolinos, Málaga, Spain
Duration: 08 Jun 2011 to 10 Jun 2011
http://www.springer.com/gp/book/9783642213229 (Conference proceedings)
https://web.archive.org/web/20110720145129/http://gicap.ubu.es/cisis2011/home/home.shtml (Conference website)

Publication series

Name: Security and Cryptology
Publisher: Springer
ISSN (Print): 0302-9743

Conference

Conference: 4th International Conference on Computational Intelligence in Security for Information Systems
Country: Spain
City: Torremolinos, Málaga
Period: 08/06/11 to 10/06/11
Other: CISIS aims to offer a meeting opportunity for academic and industry-related researchers belonging to the various, vast communities of Computational Intelligence, Information Security, and Data Mining. The need for intelligent, flexible behaviour by large, complex systems, especially in mission-critical domains, is intended to be the catalyst and the aggregation stimulus for the overall event.

Cite this

Wright, C., & Zia, T. (2011). Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls. In Á. Herrero, & E. Corchado (Eds.), Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011 (Vol. 6694, pp. 206-213). (Security and Cryptology). Springer.