Presentation is loading. Please wait.

Presentation is loading. Please wait.

Economics of Network Security Initial presentation Knut Magnus Kvamtrø NTNU

Published byDarrell Atkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Economics of Network Security Initial presentation Knut Magnus Kvamtrø NTNU"— Presentation transcript:

1 Economics of Network Security Initial presentation Knut Magnus Kvamtrø NTNU knutmak@s.n.n

2 2 This presentation Definition of network security The economical aspect! Empiricism and information asymmetry The worst case scenario(s) About essay research Future work Primary sources Questions and comments

3 https://www.sans.org/network-security/3 What is network security? Preventative measures (both in hardware and software) Protect underlying network infrastructure and carried information from  Unauthorized access  Misuse  Malfunction  Modification  Destruction  Improper disclosure ……

4 4 How does economy come into play? Preventative measures require expenses No system can techically be totally secure from a motivated external entity Number of available options in hardware, software, training, etc. are boundless It is economically unsound to spend all available funds on security Some risk must be accepted => There must exist a set of optimal strategies which can be modeled!

5 https://en.wikipedia.org/wiki/Gordon-Loeb_Model5 Economic research Gordon-Loeb Model  A mathetmatical economic model analyzing the optimal investment level in information security  Argues that the amount spent should generally only be a small fraction of expected loss after breach  Also shows (in general terms) that organizations may expect higher return on investment by focusing on medium-risk vulnerabilities i.e. The optimal amount to spend does not follow the degree of vulnerability

6 https://www.cl.cam.ac.uk/~rja14/Papers/moore-anderson-infoeconsurvey2011.pdf6 Empiricism and information asymmetry How much is lost?  AT&T CSO testified to US Congress in 2009 that cyber- criminal's total annual profit exceeds $1 trillion  $1 trillion (NOR: “billion”) is approx. 7% of US GDP  This exceeds the revenue of the sector =>The CSO is lying! Conservative estimate in the billions of dollars Losses are high, but vendors have incentives to exaggerate damage Also affects security product quality  Akerlof's “Market for lemons” (1970)

7 7 The worst-case scenario(s) Target (2013)  40 million credit- and debit-card records  70 million customer records  Est. cost: $252 million  Only 0.1% of sales Sony (2014)  Initial estimate of losses exceeded $100 million  Sony's third-quarter financial statement notes “$15 million in investigation and remediation cost”  General manager later stated a figure of $35 million for the fiscal year  Still only 0.9% to 2% of projected sales for 2014

8 8 About essay research Truthful empirical studies are difficult to obtain The subject is quite new (as are all in the course) Morals don't matter The field of study is vast Limiting the scope is difficult

9 9 Future work So far, only general research about the topic If scope has to be limited, the primary focus of the essay could be… Economical liability, disclosure and compensation after unintended distribution of personal information

10 10 Primary sources Journals  ACM Transactions on Economics and Computation Tech reports  Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research (Anderson et al.) Books  The Economics of Information Security (Anderson et al.) Workshops/Conferences  Workshop on Economics and Information Security  ACM Conference on Economics and Computation

11 11 Thank you! Questions/comments?

Download ppt "Economics of Network Security Initial presentation Knut Magnus Kvamtrø NTNU"

Similar presentations

Financing the Business Chapter 36. How are they different? The easiest way to separate accounting and finance is to think of accounting as the past and.

Financing the Business Chapter 36. How are they different? The easiest way to separate accounting and finance is to think of accounting as the past and.
Quick Quiz 3.04.

Quick Quiz 3.04.
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
FUNDAMENTALS OF ACCOUNTING Dr. Rana Singh www. ranasingh

FUNDAMENTALS OF ACCOUNTING Dr. Rana Singh www. ranasingh
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
Financial and Managerial Accounting

Financial and Managerial Accounting
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
Crowd Funding – Legal and other Issues Recent Legal Developments affecting the Technology Industry Conference July 25, 2013 Dr. Ayal Shenhav, Adv.

Crowd Funding – Legal and other Issues Recent Legal Developments affecting the Technology Industry Conference July 25, 2013 Dr. Ayal Shenhav, Adv.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
ECONOMIC ASPECTS OF CYBERSECURITY

ECONOMIC ASPECTS OF CYBERSECURITY
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
Munich Re-Germanwatch Briefing 2004 Insuring the Uninsurable: Climate Change and Insurance Reinhard Mechler IIASA May 10, 2004 Financing natural disaster.

Munich Re-Germanwatch Briefing 2004 Insuring the Uninsurable: Climate Change and Insurance Reinhard Mechler IIASA May 10, 2004 Financing natural disaster.
Copyright ©2004 Pearson Education, Inc. All rights reserved. Chapter 14 Stock Analysis and Valuation.

Copyright ©2004 Pearson Education, Inc. All rights reserved. Chapter 14 Stock Analysis and Valuation.
Technical Update Presented by Chris Ray Partner - KPMG LLP KPMG LLP.

Technical Update Presented by Chris Ray Partner - KPMG LLP KPMG LLP.
Slide 1 Policy Alternatives to Stimulate Private Sector Investment in Domestic Alternative Fuels Wally Tyner with assistance from Dileep Birur, Justin.

Slide 1 Policy Alternatives to Stimulate Private Sector Investment in Domestic Alternative Fuels Wally Tyner with assistance from Dileep Birur, Justin.
Estimating the Market for Internet Service Provider-Based Cyber Security Solutions Brent Rowe – RTI International Doug Reeves – NC State University Dallas.

Estimating the Market for Internet Service Provider-Based Cyber Security Solutions Brent Rowe – RTI International Doug Reeves – NC State University Dallas.
3R’s: Research, Retention and Repayment Predicting the Future by Understanding Current and Past Students.

3R’s: Research, Retention and Repayment Predicting the Future by Understanding Current and Past Students.
This PPP #2 based on chapter 8 of the textbook ( pp.173-190) will be reviewed again in PPP #3 in “Review of Chapters 2 and 8, and Advanced Discussion”.

This PPP #2 based on chapter 8 of the textbook ( pp ) will be reviewed again in PPP #3 in “Review of Chapters 2 and 8, and Advanced Discussion”.

Similar presentations

Ads by Google