K. Elliott
Action, Inaction, Trust, and Cybersecurity’s Common Property Problem
Elliott, K.; Massacci, F.; Williams, J.
Abstract
Cybersecurity tends to be viewed as a highly dynamic, continually evolving technology race between attacker and defender. However, economic theory suggests that in many cases doing "nothing" is the optimal strategy when substantial fixed adjustment costs are present. Indeed, the authors' anecdotal experience as chief information security officers indicates that uncertain costs that might be incurred by rapid adoption of security updates substantially delay the application of recommended security controls, so the industry does appear to understand this economic aspect quite well. From a policy perspective, the inherently discontinuous adjustment path taken by firms can cause difficulties in determining the most effective public policy remit and the effectiveness of any enacted policies ex post. This article summarizes this type of policy issue in relation to the contemporary cybersecurity agenda.
Citation
Elliott, K., Massacci, F., & Williams, J. (2016). Action, Inaction, Trust, and Cybersecurity’s Common Property Problem. IEEE Security and Privacy, 14(1), 82-86. https://doi.org/10.1109/msp.2016.2
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Jan 1, 2016 |
| Online Publication Date | Feb 3, 2016 |
| Publication Date | Feb 3, 2016 |
| Deposit Date | Jan 4, 2016 |
| Publicly Available Date | Feb 21, 2017 |
| Journal | IEEE Security and Privacy |
| Print ISSN | 1540-7993 |
| Electronic ISSN | 1558-4046 |
| Publisher | Institute of Electrical and Electronics Engineers |
| Peer Reviewed | Peer Reviewed |
| Volume | 14 |
| Issue | 1 |
| Pages | 82-86 |
| DOI | https://doi.org/10.1109/msp.2016.2 |
| Public URL | https://durham-repository.worktribe.com/output/1415770 |
Files
Accepted Journal Article (Revised version)
(196 Kb)
PDF
Copyright Statement
Revised version © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
You might also like
A Balancing Act: How to Avoid professional disidentification when faced with stakeholder critique
(2015)
Presentation / Conference Contribution
JUNE: open-source individual-based epidemiology simulation
(2021)
Journal Article
Downloadable Citations
About Durham Research Online (DRO)
Administrator e-mail: dro.admin@durham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search