Home // SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies // View article
Authors:
Pankaj Pandey
Steven De Haes
Keywords: Information Security; Security Economics; Risk Management; Financial Instrument.
Abstract:
Recent cyber-attacks on various organizations indicate that even the most sophisticated technical controls are vulnerable. Furthermore, due to the problem of misaligned incentives it is inevitable to achieve absolute protection with technical controls against the risks and its impact. Thus, there is a space for alternative risk management methods. However, there is a lack of an (effective) financial mechanism to incentivize coordinated efforts by stakeholders in addressing the problem of information asymmetry, negative externality, and free-riding in the information security ecosystem. Therefore, we propose a novel financial instrument called information security financial instrument to incentivize investments in collaborative and multistakeholder initiatives to develop and implement stronger defense systems. The mechanism can contribute to an improvement in information security environment in a time bound manner. We have used a case-study to demonstrate the application of the information security financial instrument. Furthermore, we have analyzed the information security financial instrument against a set of requirements and its usefulness over cyber-insurance in incentivizing investments in information security mechanisms to manage risks. In our analysis, we found that information security financial instruments can be a solution to address (at least to some extent) various economic problems in the information security domain.
Pages: 166 to 175
Copyright: Copyright (c) IARIA, 2015
Publication date: August 23, 2015
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-427-5
Location: Venice, Italy
Dates: from August 23, 2015 to August 28, 2015