Information security: where computer science, economics and psychology meet-Reference-Cited by-同舟云学术

Information security: where computer science, economics and psychology meet

Published:2009-07-13 Issue:1898 Volume:367 Page:2717-2727
ISSN:1364-503X
Container-title:Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences
language:en
Short-container-title:Phil. Trans. R. Soc. A.

Author:

Anderson Ross¹,Moore Tyler²

Affiliation:

1. Computer Laboratory, University of Cambridge15 JJ Thomson Avenue, Cambridge CB3 0FD, UK

2. Center for Research on Computation and Society, Harvard University33 Oxford Street, Cambridge, MA 02138, USA

Abstract

Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into ‘security’ topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems—one that is both principled and effective.

Publisher

The Royal Society

Subject

General Physics and Astronomy,General Engineering,General Mathematics

Link

https://royalsocietypublishing.org/doi/pdf/10.1098/rsta.2009.0027

Reference40 articles.

1. Acquisti A. & Grossklags J. 2004 Privacy and rationality: preliminary evidence from pilot data. In Proc. Third Workshop on the Economics of Information Security Minneapolis MN 13–14 May 2004 .

2. The Market for "Lemons": Quality Uncertainty and the Market Mechanism

3. Error and attack tolerance of complex networks

4. Why cryptosystems fail

5. Anderson R. J. 2001 Why information security is hard—an economic perspective. In Proc. Seventeenth Annual Computer Security Applications Conf. New Orleans LA 11–14 December 2001 pp. 358–365.

Cited by 43 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. How Should Enterprises Quantify and Analyze (Multi-Party) APT Cyber-Risk Exposure in their Industrial IoT Network?;ACM Transactions on Management Information Systems;2023-10-19

2. Should firms invest more in cybersecurity?;Small Business Economics;2023-09-21

3. From a rugged to a smooth supply chain performance landscape: a complementarity perspective;Production Planning & Control;2023-06-05

4. How Hard Is Cyber-risk Management in IT/OT Systems? A Theory to Classify and Conquer Hardness of Insuring ICSs;ACM Transactions on Cyber-Physical Systems;2022-10-31

5. Designing Through The Stack: The Case for a Participatory Digital Security By Design;Proceedings of the 2022 New Security Paradigms Workshop;2022-10-24