Issue No. 05 - Sept.-Oct. (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.125
Daniel E. Geer Jr. , In-Q-Tel
There's some risk aversion at play in cybersecurity; risk aversion is why a General Counsel will say that if you might have lost data, then you have to act as if you did lose it. Risk aversion is why some firms (and some people) keep no records. We're living in a time when legislatures want to force risk reductions in cyberspace. It's altogether likely that any legislature that acts will do so by setting up some sort of agency to oversee the process of risk reduction in cyberspace. Risk reduction agencies are purposefully risk averse and immortal, which guarantees that their enforcement power inevitably demands diseconomic risk reductions.
Cyberspace, Risk assessment, Computer security, cyberspace, risk, risk aversion, risk reduction
Daniel E. Geer Jr., "Risk Aversion", IEEE Security & Privacy, vol. 10, no. , pp. 86-87, Sept.-Oct. 2012, doi:10.1109/MSP.2012.125