The economics of information security and privacy

In the late 1990s, researchers began to grasp that the roots of many information security failures can be better explained with the language of economics than by pointing to instances of technical flaws. This led to a thriving new interdisciplinary research field combining economic and engineering insights, measurement approaches and methodologies to ask fundamental questions concerning the viability of a free and open information society. While economics and information security comprise the nucleus of an academic movement that quickly drew the attention of thinktanks, industry, and governments, the field has expanded to surrounding areas such as management of information security, privacy, and, more recently, cybercrime, all studied from an interdisciplinary angle by combining methods from microeconomics, econometrics, qualitative social sciences, behavioral sciences, and experimental economics. This book is structured in four parts, reflecting the main areas: management of information security, economics of information security, economics of privacy, and economics of cybercrime. Each individual contribution documents, discusses, and advances the state of the art concerning its specific research questions. It will be of value to academics and practitioners in the related fields.

Part I - Management of Information Security.- A Closer Look at Information Security Costs.- To Invest or Not to Invest? Assessing the Economic Viability of a Policy and Security Configuration Management Tool.- Ad-Blocking Games: Monetizing Online Content Under the Threat of Ad Avoidance.- Software Security Economics: Theory, in Practice.- Part II - Economics of Information Security.- An Empirical Study on Information Security Behaviors and Awareness.- Sectoral and Regional Interdependency of Japanese Firms Under the Influence of Information Security Risks.- Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency.- Online Promiscuity: Prophylactic Patching and the Spread of Computer Transmitted Infections.- Part III - Economics of Privacy.- The Privacy Economics of Voluntary Over-disclosure in Web Forms.- Choice Architecture and Smartphone Privacy: There's a Price for That.- Would You Sell Your Mother's Data? Personal Data Disclosure in a Simulated Credit Card Application.- Part IV - Economics of Cybercrime.- Measuring the Cost of Cybercrime.- Analysis of Ecrime in Crowd-Sourced Labor Markets: Mechanical Turk vs. Freelancer.