100% (1)
4 pages/≈1100 words
English (U.S.)
MS Word
Total cost:
$ 21.6

Economics: Cost/benefit & Incentive Design

Essay Instructions:

Cost Benefit Analysis: 

Revisit Bruce Schneier's presentation in module two. This time, please focus on his discussions on cost/benefit analysis.

Multi-media Presentation by Schneier, Bruce. (2008) Reconceptualizing Security on topics of Security Feeling, Reality and Model. Infosecurity Europe, April 23, 2008. Video BruceSchneier

Audio Hall_of_Fame_BruceSchneier.mp3

If you don't have access to the multimedia presentation, then simply read his article mentioned in module two. The article is:

Schneier, Bruce. The Psychology of Security. http://www(dot)schneier(dot)com/essay-155.html

The following article provides an example how such a cost/benefit analysis is considered.

Schneier, Bruce. Security at What Cost? National ID System Is Not Worth The $23 Billion Price Tag. http://www(dot)schneier(dot)com/essay-207.html.

The following article uses some typical accounting measurements for economics of information security.

Gordon, L. A., & Richardson, R. (2004). The New Economics of Information Security. Optimize. April 2004. p83-867 (Trident library)

The following article recaps what we talked about perceptions of security. More importantly, it discusses how people generally do not perceive gains and costs equally. When you conduct a cost/benefit analysis of security, you should keep that in mind.

West, Ryan (2008). The Psychology of Security. Communications of the ACM, Apr2008, Vol. 51 Issue 4. pp34-40.

II.Incentive Design: 

The economics of information security is not only about cost/benefit analysis of implementing a security measure. Another major topic in economics is mechanism design, which provides principles and methods (like game theory) to help design incentive-compatible mechanisms that ensure participants are better off behaving honestly than dishonestly. See the following article to get a peek:

The Economist. (2007) Intelligent Design. Oct 18th, 2007. http://www(dot)economist(dot)com/finance/displaystory.cfm?story_id=9988840

To know more about the three Nobel Prize winners in 2007 economics division, surf http://nobelprize(dot)org/nobel_prizes/economics/laureates/2007/ and check them out.

It is not easy to understand the revelation principle or the incentive-compatible design. I introduce you the concepts here for the purpose of making you aware of such a method. It takes time to learn how to design a game (a mechanism) that every party is better off by being honest.

Well, on a lighter note. Interestingly, a movie called "Mad Money" tells a story of three female employees of the Federal Reserve Bank stealing money that is about to be shredded. It is not a movie that I recommend to watch a second time, but it is entertaining enough to watch once. The movie is also a fit for the educational purpose here. I suggest you watch it once when you get a chance during this term, and pay special attention to the human factors -- especially the incentives of the thieves and the Chief Security Officer.

III.Other Economics Issues as to Security: 

As a matter of fact, there are many aspects in applying economics to information security. The following article has mentioned a list of authors that research economics of information security and provided a brief overview of their research:

Anderson R. and Schneier B., (2005) Economics of Information Security, IEEE Security and Privacy 3 (1), 2005, pp. 12-13. (Retrieved May 19, 2008).

To know more in depth, you can choose to view the video (optional):

Simonyi Konferencia 2011 - Economics of Information Security and Privacy. Retrieved from http://www(dot)youtube(dot)com/watch?v=fSfH80DY6S4

You are probably overwhelmed now with all these economics. I hope you also have broadened your views on security and have said "wow" to yourself that now you hold a much broader view on security and how to approach it from economic perspective.

Please write a 4- to 6-page paper discussing what you have learned:

What are the economic considerations of information security and its management?

In preparing your paper, you need to discuss the following issues, and support with arguments and evidence:

•What are the major economic considerations in information security and management?

•Are these economic considerations serving their purposes?

•Why do these economic measures help?

•Discuss economic mechanisms that can improve information security and management.

•Provide a comparative table of the economic measures that you discussed. 

Assignment Expectations (50 points total)

Length: Minimum 4–6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200–1,800 words).

Assignment-driven criteria (25 points): Demonstrates clear understanding of the subject and addresses all key elements of the assignment.

Critical thinking (10 points): Demonstrates mastery conceptualizing the problem. Shows analysis, synthesis, and evaluation of required material.

Scholarly writing (5 points): Demonstrates writing proficiency at the academic level of the course; addresses the Learning Outcomes of the assignment.

Quality of references (4 points) and assignment organization (3 points): Uses relevant and credible sources to support assertions. Assignment is well organized and follows the structure of a well-written paper.

Citing sources (3 points): Uses in-text citations and properly formats references in APA style.

Essay Sample Content Preview:

Economics: Cost/benefit & Incentive Design
Economic considerations in information security and management
Information security relates to the need to protect information and information systems from threats of damage and unauthorized access. In other words, there is a need to maintain confidentiality of information, highlighting the need to put in place measures to avoid unauthorized data access. People typically assume that there are less vulnerable to security than they actual are, and such perceptions about risk place computer users at a more vulnerable position as they are lax on information security (West, 2008). Even though total security cannot be guaranteed, the benefits of better security measures outweigh the costs.
Economic considerations of information security have garnered interest more than ever before. One of the most common considerations is the cost implication of poorly secured information systems. Given that electronic fraudsters are being more audacious, the implications for organizations and individuals are that poor computer security might lead to economic loss to computer users. It is noteworthy that internet is vulnerable to attacks because the liability diffuses too many people. In any case, organizations are aware of the benefits of secure information system but the regulatory frameworks and incentives to organizations are insufficient to motivate them to improve computer security. Additionally, the costs of improving security might not make economic sense to computer users, while linkages to ensure information security measures are adequately passed to the final consumer or taxpayer.
Another economic consideration taken into account in assessing the viability of information security is the trade-offs in security measures undertaken. Besides the costs of implementing security measures there are other factors that affect decisions on whether to undertake the measures. As such, assessing the cost and benefits of computer and information system security should take into account the tradeoffs that are to be made to organizations, individuals and the society (Schneier, 2008). In other words, one should not only look at effectiveness of security measures, but rather the trade off. This includes the severity and magnitude of the risks, countermeasures to edge against the risk as well as the extent to which risks and costs can be measured (Schneier, 2008).
The purpose of economic considerations
Economic decisions are important indicators on the value of having better information systems. The economic angle to security measures cannot be ignored, although technical considerations receive much attention. In essence, by focusing on the benefits of the security measures as well as costs, then this perspective provides more information on the reasons for information security. The traditional approach has been to highlight on technical flaws, but in having an open information society, there is bound to be questions on the use of the cost/ benefit framework in understanding the impact of secure computer systems. Both organizations and individuals have been slow in embracing security protocols because of the cost implications.
The benefits of information security are informing the decision makers on whether to adopt them by taking into account tradeoffs of security and privacy. As such, they are serving their purpose, since people are more aware about the need to take into account security and privacy measures for user valuation. In any case, finding issues that compromise information insecurity further highlights on the ways to improve privacy even as people working together and share information. Since the offenders and attackers of information security have different motives, then highlighting on trade off between security and privacy can provide a common ground for which to maximize on the benefits of information security.
The need for economic measures
In the era of globalization, there has been increased integration of organizatio...
Updated on
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Sign In
Not register? Register Now!