The economics of information security
As any victim of a significant information security attack will tell you, there's a financial dimension to cybercrime. And those companies intent on not being victimized must pay a hefty price, too: Security measures are costly, and so are the salaries of the IT professionals who manage them.
Unfortunately, relatively little attention has been paid to economics, and to the applied financial practices that grow out of economics, when it comes to information security. In 2003, the annual CSI/FBI Computer Crime and Security Survey reported average losses per respondent of about $800,000. In fact, the real headline should be that even those loss totals don't do justice to the magnitude of information security crime and related costs. (See "The True Cost of Cybercrime" for economist Martin P. Loeb's reckoning of indirect costs and their impact.)
By Lawrence A. Gordon and Robert Richardson at Security Pipeline.
[ Read more ]