论文信息 - How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks

How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks

We address the question of how much security is required to protect a packaged system, installed in a large number of organizations, from thieves who would exploit a single vulnerability to attack multiple installations. While our work is motivated by the need to help organizations make decisions about how to defend themselves, we also show how they can better protect themselves by helping to protect each other.

Michael D. Smith | Stuart E. Schechter | Michaela Smith | M. Smith | Michael D. Smith

[1] I. Ehrlich. Participation in Illegitimate Activities: A Theoretical and Empirical Investigation , 1973, Journal of Political Economy.

[2] Itzhak Goldberg,et al. Does Reporting Deter Burglars?-An Empirical Analysis of Risk and Return in Crime , 1980 .

[3] I. Ehrlich. Crime, Punishment, and the Market for Offenses , 1996 .

[4] Moti Yung,et al. Cryptovirology: extortion-based security threats and countermeasures , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[5] H. Summerton. Who cares? , 2000, Nursing times.

[6] L. J. Camp. Pricing Security , 2000 .

[7] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[8] Honeynet Phase Two: Knowing Your Enemy More , 2001 .

[9] Lawrence A. Gordon,et al. An Economics Perspective on the Sharing of Information Related to Security Breaches: Concepts and Empirical Evidence , 2002 .

[10] Crispin Cowan,et al. Timing the Application of Security Patches for Optimal Uptime , 2002, LISA.

[11] Stuart E. Schechter,et al. Quantitatively Differentiating System Security , 2002 .

[12] Eric Rescorla. Security Holes . . . Who Cares? , 2003, USENIX Security Symposium.

[13] Hal R. Varian,et al. System Reliability and Free Riding , 2004, Economics of Information Security.

[14] Lawrence A. Gordon,et al. The economics of information security investment , 2002, TSEC.