StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Economic Considerations of Information Security and Its Management - Research Paper Example

Cite this document
Summary
The paper "Economic Considerations of Information Security and Its Management" states that economics can assist in explaining the reasons why the state of security of information is not significant, but it is important to consider the economic principles that are applicable to information security…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.3% of users find it useful
Economic Considerations of Information Security and Its Management
Read Text Preview

Extract of sample "Economic Considerations of Information Security and Its Management"

Topic: Economic considerations of information security and its management Economic considerations of information security and its management Information security entails economic incentives since it involves technological mechanisms. The increase in cases of denial-of-service attacks, spams and botnets may be ascribed to incentives among the defenders being misaligned as well as skillful exploitation from attackers. Security considerations along with economic incentives influence the design and implementation of surveillance and tracking systems. The current information age founded in computers has evolved the manner in which firms carry out their operations along with the need to address information security. Undeniably, information security has evolved to be as significant to contemporary organizations as the security of perceptible physical resources. It is not surprising that the quickly increasing body of research dwells on issues of information security. Research should focus largely on the technical dynamics of the protection of information in computer-based systems through encryption, hardware controls as well as software and data controls. The behavioral dynamics associated with the prevention breaches in information security have attracted a lot of attention in the recent times among researchers. Conversely, there has been very little attention towards addressing the economic aspects of information security; particularly with the magnitude of resources that have been directed to improve information management by organizations, what these organizations require is a framework that will assist in deriving optimal levels of spending on information security. Economic perspectives typically recognize that even though some degree of investment in information security is noble, additional security is not always worth the associated costs (Bidgoli, 2006). Therefore, it is important to consider the manner in which vulnerabilities of information as well as losses that are linked to the vulnerability impact the ideal amount of resources that are supposed to be directed to making information secure. For a wide variety of probability functions in regards to security breach, the ideal amount that should spent on information security is a rising function based in the degree of the vulnerability of the information. However, in some cases, the ideal amount to spend on security of information initially increases and later declines with similar degrees of vulnerability of information (Rao & Upadhyaya, 2009). The managers who are responsible for allocation of information security budgets should typically concentrate that is categorized in the mid-range of vulnerability as far as breaches and other threats to the information is concerned. Therefore, an important effort for the managers should entail partitioning the types of information into levels of security vulnerability to breaches and other threats ranging from low to high. Other sets of information sets may be hard to protect at high degrees of security and thus it is better to defend this information at a moderate degree. The managers should consider a variety of aspects of security trade off including the possibility of risk, the severity of risk, the amount of expense as well as the efficiency of counter-measures used to alleviate the risks. Consultant and vendors of information security usually dwell on the huge potential losses that may arise from security breaches so that they can to sell their services and products. The experienced information security managers have an awareness of the possible losses and know that they are usually a magnitude order smaller than the possible loss. The ideal amount to spend on information security is normally less than the losses that can be expected from security breaches. Investments in information security can entail spillovers, this may lead to positive externalities, and benefits can accumulate when improvements in trust when transacting with specific organizations expand the overall size of the market within an industry. Various industries have faced positive demand shocks through effective attempts to cross-sell and upsell, as a result of alleviating the fears of the customers in regards to issued associated with information security and privacy (Böhme, 2013). These benefits are evidently significant in realms like e-commerce, and for instance, the pioneering endeavors by Amazon in the protection of the integrity of their customer’s data, if the customers had positive ripple effects on the magnitude of the potential markets of other companies in the same industry. This resulted in a rise in online purchase since the confidence of the customers to reveal their credit card numbers as well as other personal information has increased significantly. Economics can assist in explaining the reasons why the state of security of information is not significant, but it is important to consider the economic principles that are applicable to information security. The Scarcity principle simply demonstrates that having more of one good aspect will mean having less of another one and is also considered as the security trade-off. The principle of cost benefit entails taking no actions unless their marginal benefits are as significant as their marginal costs and is typically connected to attack profiles. The incentive principle considers comparisons between costs and benefits as being relevant to the identification of decisions, which should be made by practical people, as well as the prediction of the actual decisions that they settle on. These aspects assist on explaining the various failures linked to information security, and scarcity and cost benefit assist in explaining the reasons why information security does not get the same amount of resources as other aspects of IT. On the other hand, the incentive principle is critical to explaining reasons why information usually lacks from large commodities like duplications of Microsoft windows. An additional economic theory that is employed in repeatedly in various areas is the tragedy of the commons that provides a description of the manner in which more than one person who acts independently for their personal interest consumes the common resource (Johnson, 2008). Numerous researchers have analogized that the internet is the commons and no specific group of interest that is incentivized to safeguard it wholly. For instance, even though individual consumers may be incentivized to buy anti-virus software for the protection of their systems, it is unlikely that they will but the software to safeguard attacks aimed at a third party. The theory of the lemon market foretells that that products associated with information technology will have intrinsic security, and since security is a commodity based on trust, the buyer is not in a position to differentiate between a used car in good condition and a lemon (Moore, Pym & Ioannidis, 2010). Therefore, the buyer will only be willing to pay the price of the lemon, implying that products, which are secure, cannot be easily distinguished from those, which are insecure, and this makes companies become less incentivized to create secure products since the buyers will not know the difference. Therefore, the economic theory can be used to elucidate the incentives that led to the prevailing state of security. Comparative table Scarcity
Principle Also referred to as security trade-off and proposes that when more than one good aspect exists, then there will be less of the others. Cost‐Benefit
Principle Suggests that actions should not be taken unless their marginal benefits are as significant as the associated marginal costs and is usually linked to attack profiles. Incentive
Principle Comparisons between costs and benefits become relevant for the identification of decisions which should be made by practical people while at the same time forecasting the same decisions. References Bidgoli, H. (2006). Handbook of Information Security Volume 2. Hoboken: John Wiley & Sons. Böhme, R. (2013). The Economics of Information Security and Privacy. Berlin, Heidelberg: Springer Berlin Heidelberg. Johnson, M. (2008). Managing information risk and the economics of security. New York: Springer. Moore, T., Pym, D., & Ioannidis, C. (2010). Economics of information security and privacy. New York: Springer. Rao, H., & Upadhyaya, S. (2009). Information assurance, security and privacy services. Bingley, UK: Emerald. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Economics Research Paper Example | Topics and Well Written Essays - 1000 words - 4”, n.d.)
Retrieved from https://studentshare.org/information-technology/1695700-economics
(Economics Research Paper Example | Topics and Well Written Essays - 1000 Words - 4)
https://studentshare.org/information-technology/1695700-economics.
“Economics Research Paper Example | Topics and Well Written Essays - 1000 Words - 4”, n.d. https://studentshare.org/information-technology/1695700-economics.
  • Cited: 0 times

CHECK THESE SAMPLES OF Economic Considerations of Information Security and Its Management

Network Security Risk Assessment

he increasing complexity of information systems has resulted to information security threats .... The increasing complexity of information systems has resulted to information security threats which have infringed the right of individuals to privacy of information.... with a view of investigating its information assets, organizational risk, security posture and problems which leads to the recommendation of the ways that can be implemented in order to mitigate the information security problem within the organization....
9 Pages (2250 words) Term Paper

The Economic Considerations Of Information Security And Its Management

The Economic Considerations of Information Security and Its Management.... The Economic Considerations of Information Security and Its Management.... Furthermore, a number of major controversial cyber-policy matters also exist between information security and economics (Anderson & Schneier, 2008), (NIST, 2010) and (Anderson & Moore, 2007).... In all of these cases, the technical considerations of security are less important than the economic considerations (Anderson & Schneier, 2008), (NIST, 2010) and (Anderson & Moore, 2007)....
3 Pages (750 words) Essay

Information Security Management Issues

The essay "Information Security Management Issues" analyzes the major disputable issues on the system of information security management.... Moreover, customers' issues produce the need for companies to manage information security properly and effectively.... Thus, an organized collection of procedures, people, and information technology (IT) structure that protects decisive systems and information, and secures them from inside as well as outside intimidations are known as information security management (ISM) (Sipior, & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
11 Pages (2750 words) Essay

Security Management

Additionally, Return on Security Investment calculation aids the firm's management to know the extent to which the security investment is enough (Bruce, 2008).... This task looks at security management issues, dissecting aspects of ROSI with reference to Blackberry Company.... The firm thereafter decides on the most cost effective solutions to its security woes.... The Return on Security Investment aids the organization to determine if it spends too much on its security bids....
17 Pages (4250 words) Research Paper

Information Security Management in the USA

The basic issue in the paper 'information security Management in the USA', which the author has chosen for discussion is information hacking.... Thus, an organized collection of procedures, people and information technology (IT) structure that protects decisive systems and information, and secure them from inside as well as outside intimidations is known as information security management (ISM) (Sipior & Ward, 2008), (Northern Illinois University, 2007) and (Grimaila, 2004)....
10 Pages (2500 words) Dissertation

Similarities and Differences between Security Risk Management

The paper "Similarities and Differences between Security Risk management" states that the outcome of both assessments provides recommendations that maximize the protection of confidentiality, integrity and availability while providing usability and functionality.... With the changing market environment, most firms and business organizations are deemed to develop an effective management system that will be able to identify both current and future potential business risks and threats....
10 Pages (2500 words) Coursework

The Technology of Intelligent Building Management Systems

This study "The Technology of Intelligent Building Management Systems" aims at introducing the technology of intelligent building management systems and list as well as critically discuss the security managers' considerations of intelligent building management systems.... This is, however, possible with the use of an intelligent building management system that integrates all the systems together.... Intelligent building management systems make the occupants of buildings comfortable and live in well-being with sustainable designs....
13 Pages (3250 words) Term Paper

An Introduction to the Intelligent Building Management System and its Vulnerabilities

The paper "An Introduction to the Intelligent Building Management System and its Vulnerabilities" is a worthy example of a term paper on management.... The paper "An Introduction to the Intelligent Building Management System and its Vulnerabilities" is a worthy example of a term paper on management.... The paper "An Introduction to the Intelligent Building Management System and its Vulnerabilities" is a worthy example of a term paper on management....
13 Pages (3250 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us