M. Eric Johnson 
Managing Information Risk and the Economics of Security 

Security has been a human concern since the dawn of time. With the rise of the digital society, information security has rapidly grown to an area of serious study and ongoing research. While much research has focused on the technical aspects of computer security, far less attention has been given to the management issues of information risk and the economic concerns facing firms and nations. Managing Information Risk and the Economics of Security provides leading edge thinking on the security issues facing managers, policy makers, and individuals. Many of the chapters of this volume were presented and debated at the 2008 Workshop on the Economics of Information Security (WEIS), hosted by the Tuck School of Business at Dartmouth College. Sponsored by Tuck’s Center for Digital Strategies and the Institute for Information Infrastructure Protection (I3P), the conference brought together over one hundred information security experts, researchers, academics, reporters, corporate executives, government officials, cyber crime investigators and prosecutors. The group represented the global nature of information security with participants from China, Italy, Germany, Canada, Australia, Denmark, Japan, Sweden, Switzerland, the United Kingdom and the US. This volume would not be possible without the dedicated work Xia Zhao (of Dartmouth College and now the University of North Carolina, Greensboro) who acted as the technical editor.

Inhaltsverzeichnis

Managing Information Risk and the Economics of Security.- Nonbanks and Risk in Retail Payments: EU and U.S..- Security Economics and European Policy.- BORIS –Business ORiented management of Information Security.- Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model.- Communicating the Economic Value of Security Investments: Value at Security Risk.- Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security.- The Value of Escalation and Incentives in Managing Information Access.- Reinterpreting the Disclosure Debate for Web Infections.- The Impact of Incentives on Notice and Take-down.- Studying Malicious Websites and the Underground Economy on the Chinese Web.- Botnet Economics: Uncertainty Matters.- Cyber Insurance as an Incentivefor Internet Security.- Conformity or Diversity: Social Implications of Transparency in Personal Data Processing.- Is Distributed Trust More Trustworthy?.