International Conference on Electronics, Information and Communication Engineering (EICE 2012)
28 Who Pays for a Security Violation? An Assessment into the Cost of Lax Security, Negligence and Risk, a Glance into the Looking Glass
Download citation file:
- Ris (Zotero)
- Reference Manager
Information security is a risk function. Paying for too much security can be more damaging in economic terms than not buying enough. This leads to the optimal expenditure on damage prevention and the question as to where this should lie. Who should be responsible for the security failures that are affecting the economy and society and how is this maximized in order to minimize negative externalities? Next, how do we best enforce liability in a global economy? In this paper, we address some of the economic issues that are arising due to an inability to assign risk correctly. We look at the externalities that restrict the development of secure software and how the failure of the end user to apply controls makes it less probable that a software vendor will enforce stricter programming controls.