51 - 1 An Economics Perspective on the Sharing of...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
An Economics Perspective on the Sharing of Information Related to Security Breaches: Concepts and Empirical Evidence By: Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn Organizations have created an arsenal of technical weapons to combat computer security breaches. This arsenal includes firewalls, encryption techniques, access control mechanisms, and intrusion detection systems. Unfortunately, this arsenal has met with only limited success, as indicated by the fact that over 90% of the respondents to the 2001 survey conducted by the Computer Security Institute and Federal Bureau of Investigation had detected security breaches within the past 12 months (Power, 2001, p. 31). Further evidence of the continuing problems associated with computer security breaches is provided by the fact that Representative Stephen Horn, in his second annual report card on computer security within the federal government, gave the federal agencies an overall average grade of F (Dean 2001). It is generally recognized that a key ingredient required to improve computer security is the gathering, analysis and sharing of information related to actual, as well as unsuccessful attempts at, computer security breaches. In the regard, in 1998 the U.S. federal government encouraged the establishment of industry-based Information Sharing and Analysis Centers (ISACs) under Presidential Decision Directive/NSC-63. These ISACs are intended to be private sector-based, but with the assistance and participation of the federal government. One such ISAC is the Financial Services ISAC (FS/ISAC). As noted on its website ( http://www.fsisac.com/ ): “The Financial Services Sharing and Analysis Center (FS/ISAC) offers a confidential venue for sharing security vulnerabilities 1
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
and solutions. It facilitates trust among its participants. Members benefit from the FS/ISAC’s unique proactive means of mitigating cyber-security risks.” As clearly noted in the above quote, “sharing security vulnerabilities and solutions” is a fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect achievement of this goal (for ISACs or any other organizational arrangement focused on the sharing information related to security breaches). These economic issues are most easily discussed in terms of the following series of questions. What is the economic incentive for an organization to join an ISAC? Once a firm joins an ISAC, what are the economic incentives to fully reveal information about actual security breaches? If such incentives are weak or non-existent, what types of security breaches are most likely to be revealed? Can the reward system be altered to provide economic incentives for complete and truthful revelation of security breaches?
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern