Research Repository

Outputs (3)

Economic Impacts of Rules- versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers (2016)
Journal Article
Massacci, F., Ruprai, R., Collinson, M., & Williams, J. (2016). Economic Impacts of Rules- versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers. IEEE Security and Privacy, 14(3), 52-60. https://doi.org/10.1109/msp.2016.48

What's the optimal way to regulate cybersecurity for the critical infrastructure operators in charge of electricity transmission? Should regulation follow the US style (a mostly rules-based model), the EU approach (which is mostly risk-based), or a b...

Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training (2016)
Journal Article
de Gramatica, M., Massacci, F., Shim, W., Turhan, U., & Williams, J. (2017). Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training. Risk Analysis, 37(2), 372-395. https://doi.org/10.1111/risa.12607

We analyze the issue of agency costs in aviation security by combining results from a quantitative economic model with a qualitative study based on semi-structured interviews. Our model extends previous principal-agent models by combining the traditi...

Action, Inaction, Trust, and Cybersecurity’s Common Property Problem (2016)
Journal Article
Elliott, K., Massacci, F., & Williams, J. (2016). Action, Inaction, Trust, and Cybersecurity’s Common Property Problem. IEEE Security and Privacy, 14(1), 82-86. https://doi.org/10.1109/msp.2016.2

Cybersecurity tends to be viewed as a highly dynamic, continually evolving technology race between attacker and defender. However, economic theory suggests that in many cases doing "nothing" is the optimal strategy when substantial fixed adjustment c...