The Community for Technology Leaders
RSS Icon
Issue No.01 - January/February (2010 vol.8)
pp: 53-55
Rainer Böhme , International Computer Science Institute
Tyler Moore , Harvard University
We outline a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link. Using the model, we derive and compare optimal security investment over multiple periods, exploring the delicate balance between proactive and reactive security investment.
economics, security, optimal security investment under uncertainty, ROSI
Rainer Böhme, Tyler Moore, "The Iterated Weakest Link", IEEE Security & Privacy, vol.8, no. 1, pp. 53-55, January/February 2010, doi:10.1109/MSP.2010.51
1. R.J. Anderson and T. Moore, "The Economics of Information Security," Science, vol. 314, no. 5799, 2006, pp. 610–613.
2. H.R. Varian, "System Reliability and Free Riding," Economics of Information Security, L.J. Camp, and S. Lewis eds., Springer-Verlag, 2004, pp. 1–15.
3. T. Moore, and R. Clayton, "Examining the Impact of Website Take-Down on Phishing," Proc. Anti-Phishing Working Group eCrime Researchers Summit, ACM Press, 2007, pp. 1–13;
4. O. Day, B. Palmen, and R. Greenstadt, "Reinterpreting the Disclosure Debate for Web Infections," Managing Information Risk and the Economics of Security, M.E. Johnson ed., Springer, 2008, pp. 179–197.
5. L.A. Gordon, and M.P. Loeb, "The Economics of Information Security Investment," ACM Trans. Information and System Security, vol. 5, no. 4, 2002, pp. 438–457.
6. R. Böhme and T. Moore, "The Iterated Weakest Link: A Model of Adaptive Security Investment," Workshop on the Economics of Information Security (WEIS), 2009;
7. L.A. Gordon, M.P. Loeb, and W. Lucyshyn, "Information Security Expenditures and Real Options: A Wait-and-See Approach," Computer Security J., vol. 14, no. 2, 2003, pp. 1–7.
32 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool