The subdiscipline of security economics was instigated by Ross Anderson in 2001 [4], with the first annual Workshop on the Economics of Information Security held in 2002. This knowledge guide does not seek to summarise the entire field in a few short pages, an impossible task to be sure. Instead, the goal is to introduce the reader to some of the most impactful ways in which economics has helped to shed light on cybersecurity problems and frame solutions that blend private and public action. The guide takes the organisational, rather than individual, perspective, which is where the majority of scholarly activity has focused.
Section 2 describes canonical security failures from an economic perspective. Section 3 describes key measurement challenges. Section 4 reviews firm-level approaches to improving cybersecurity, while Section 5 discusses available public-policy options.
The CyBOK introduction identifies Cyber Security Economics as a cross-cutting theme [36]. We cross-reference relevant CyBOK knowledge areas throughout this guide for the interested reader to explore further.