Why Information Security Is Hard - Essay Example

Summary
The paper "Why Information Security Is Hard" discusses how the economic tool of asymmetrical information works in favor of the attacker, hence proving that attack is simply easier than defense, creating further complications for software engineers, and making software security a huge challenge…

Extract of sample "Why Information Security Is Hard"

In the papers ‘Why Information Security Is Hard’ by Ross Anderson and ‘The Economics of Information Security’ by Ross Anderson and Tyler Moore, we see that a lot has been said about the lack of information security mechanisms to shield end users from scams and privacy violations. We also see aspects such as monopolistic gain, price discrimination, and risk dumping as key drivers behind security system design. Furthermore, the papers bring to our attention how recent developments in the economics of information security have led to the realization that a failure in security is caused as much by bad incentives as by bad design.

Other incentives include consumers’ failure to prioritize security measures, which resulted in their minimal spending on software security. Economists refer to this as ‘the tragedy of the commons’, with consumers unwilling to spend on measures that did not directly benefit them. Third is the failure in privacy and prolonged regulatory issues due to poor allocation of online risks. Last is the ability of these incentives to affect defense and offense strategies.

By highlighting these key aspects, we can move on to examining two mutually exclusive reasons for the decline in credit card number prices and violations of security based on economics being the reason for the existence of the economics of security. The first of these reasons is ‘Network Externality’. In the information sector, network externality applies to the software industry, where the number of software users counts because the operating system developed depends on the choices of these people. So when a software company is in its initial development phase, it tends to ignore security to strengthen its market position; later it adds security measures once it has locked down its target market.

In economics this principle is called Metcalfe’s law, which states that the value of a network grows with the number of people using it. Applied to credit cards, the principle means that as more merchants take credit cards, their usefulness increases in the eyes of the customer. This results in more customers having credit cards, which increases the likelihood of more merchants accepting them. So we notice that although the credit card network grows slowly at first, once positive feedback sets in, exponential growth results. This burst of credit card users has a direct impact on the decrease in credit card number prices.

The second reason for this mutually exclusive occurrence has to do with ‘competitive applications and corporate warfare’. With regard to credit cards, we look at the business strategy that requires manipulating switching costs. This can incorporate direct and indirect switching costs in terms of making systems incompatible or controlling marketing channels. Sometimes product differentiation and higher switching costs can both be used as security mechanism goals. For example, look at Microsoft Passport, which operates with the promise of a single sign-on that facilitates consumer convenience. However, that being said, the real goal of Microsoft Passport is to subtly gather huge amounts of data on consumer purchasing patterns with the expansion of a strong network externality. Also, it limits customer choice, since the transactions undertaken are only operational on Microsoft software. This shows how, instead of concentrating on security, the product concentrates on web server control and acquisition of information markets. The product's credit card transactions and details, which are all kept by Microsoft, result in the creation of a target market. This increases the probability of a greater external threat as well as of a stranger impersonating you simply by having your cookie file.

These present and unavoidable vulnerabilities in software bring us to the violations of the security aspect of the economic element, which leads us to believe that ‘offense is harder than defense’. This can be seen in that there are sufficient security vulnerabilities present to do statistics, in which case different testers find different bugs. Therefore even a very moderately resourced attacker can break into a large and complex base.