51 - 1 An Economics Perspective on the Sharing of...

An Economics Perspective on the Sharing of Information Related to Security Breaches: Concepts and Empirical Evidence

By: Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn

Organizations have created an arsenal of technical weapons to combat computer security breaches. This arsenal includes firewalls, encryption techniques, access control mechanisms, and intrusion detection systems. Unfortunately, this arsenal has met with only limited success, as indicated by the fact that over 90% of the respondents to the 2001 survey conducted by the Computer Security Institute and Federal Bureau of Investigation had detected security breaches within the past 12 months (Power, 2001, p. 31). Further evidence of the continuing problems associated with computer security breaches is provided by the fact that Representative Stephen Horn, in his second annual report card on computer security within the federal government, gave the federal agencies an overall average grade of F (Dean 2001).

It is generally recognized that a key ingredient required to improve computer security is the gathering, analysis and sharing of information related to actual, as well as unsuccessful attempts at, computer security breaches. In this regard, in 1998 the U.S. federal government encouraged the establishment of industry-based Information Sharing and Analysis Centers (ISACs) under Presidential Decision Directive/NSC-63. These ISACs are intended to be private sector-based, but with the assistance and participation of the federal government. One such ISAC is the Financial Services ISAC (FS/ISAC). As noted on its website (http://www.fsisac.com/): “The Financial Services Sharing and Analysis Center (FS/ISAC) offers a confidential venue for sharing security vulnerabilities and solutions. It facilitates trust among its participants. Members benefit from the FS/ISAC’s unique proactive means of mitigating cyber-security risks.”

As clearly noted in the above quote, “sharing security vulnerabilities and solutions” is a fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect achievement of this goal (for ISACs or any other organizational arrangement focused on the sharing of information related to security breaches). These economic issues are most easily discussed in terms of the following series of questions. What is the economic incentive for an organization to join an ISAC? Once a firm joins an ISAC, what are the economic incentives to fully reveal information about actual security breaches? If such incentives are weak or non-existent, what types of security breaches are most likely to be revealed? Can the reward system be altered to provide economic incentives for complete and truthful revelation of security breaches? Do ISACs promote innovation in information security or do they promote free-riding