论文信息 - Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Most of the actions that fall under the trilogy of cyber crime, terrorism, and war exploit pre-existing weaknesses in the underlying technology. Because these vulnerabilities that exist in the network are not themselves illegal, they tend to be overlooked in the debate on cyber security. A UK report on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cybercrime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day to day expenditures for the Government, businesses, and individuals.This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

Audrey Guinchard | Audrey Guinchard

[1] Elmarie Kritzinger,et al. Cyber security for home users: A new way of protection through awareness enforcement , 2010, Comput. Secur..

[2] Susan W. Brenner,et al. Cyberthreats: The Emerging Fault Lines of the Nation State , 2009 .

[3] Johannes M. Bauer,et al. Cybersecurity: Stakeholder incentives, externalities, and policy options , 2009 .

[4] Lilian Edwards,et al. Information Security and Cybercrime , 2009 .

[5] Kim-Kwang Raymond Choo. High tech criminal threats to the national information infrastructure , 2010, Inf. Secur. Tech. Rep..

[6] Jensen J. Zhao,et al. Opportunities and threats: A security assessment of state e-government websites , 2010, Gov. Inf. Q..

[7] M. J. Williams,et al. (In)Security Studies, Reflexive Modernization and the Risk Society , 2008 .

[8] H Roberts,et al. Risk Society: Towards a New Modernity , 1994 .

[9] Ian Brown,et al. Reducing Systemic Cybersecurity Risk , 2011 .

[10] Johannes M. Bauer,et al. The Role of Internet Service Providers in Botnet Mitigation an Empirical Analysis Based on Spam Data , 2010, WEIS.

[11] B. B. Gupta,et al. Defending against Distributed Denial of Service Attacks: Issues and Challenges , 2009, Inf. Secur. J. A Glob. Perspect..

[12] H. Raghav Rao,et al. Firms' information security investment decisions: Stock market evidence of investors' behavior , 2011, Decis. Support Syst..