Who pays for a security violation? An assessment into the cost of lax security, negligence and risk, a glance into the looking glass. A research paper I published last year. Basically why security and risk are not achieving what they need to do. Abstract. Information security is a risk function. Paying for too much security can be more damaging in economic terms than not buying enough. This leads to the optimal expenditure on damage prevention and the question as to where this should lie. Who should be responsible for the security failures that are affecting the economy and society and how is this maximized in order to minimize negative externalities? Next, how do we best enforce liability in a global economy? In this paper, we address some of the economic issues that are arising due to an inability to assign risk correctly. We look at the externalities that restrict the development of secure software and how the failure of the end user to apply controls makes it less probable that a software vendor will enforce stricter programming controls. Keywords: Audit, Economics, Incentives, Risk, Security.
Posted on: Wed, 12 Jun 2013 00:06:30 +0000
Trending Topics
Recently Viewed Topics
© 2015