Skip to main content

The WiKID Blog

Viewing posts tagged Security and Economics

what-is-the-opposite-of-a-moral-hazzard

According to a recent study by researchers from my alma mater, the University of Virginia, the use of cameras to fine motorists who run red lights actually increases the number of accidents at those intersections. There are fewer T-bone collisions, but more rear-end collisions.

where-are-you-on-the-normal-curve-of-information

I recently was goaded into joining the IT Policy Compliance Group so I could read their research report entitled Taking Action to Protect Sensitive Data.

why-roi-is-a-crappy-measure-for-information

At a number of recent events and discussion forums the topic of ‘selling’ security investments to top management has been addressed. The question posed is that if there is no positive return from a security investment, how do security professionals propose a security solution to a CFO or CEO? What is the return on a strong authentication, a firewall or IDS system that neither saves money (except perhaps in employee time, an argument that may fall on deaf ears) nor generates revenue? Importantly to me, how can you justify the investment in strong authentication? The answer lies in what really creates value for an enterprise.

marginal-revolution-on-vaccinations

Kiss me, I'm vaccinated:

People who have the flu spread the virus so getting a flu shot not only reduces the probability that I will get the flu it reduces the probability that you will get the flu. In the language of economics the flu shot creates an external benefit, a benefit to other people not captured by the person who paid the costs of getting the shot. The external benefits of a flu shot can be quite large. Under some conditions each person who is vaccinated reduces the expected number of other people who get the flu by 1.5.
Perhaps we have been taking the wrong tack thinking about how to punish PC users who have malware on their machines.. Maybe offering additional benefits to users with verifiable security mechanisms is a better solution. Maybe one of those benefits would be access to IRC channels often used by malware to contact their controller.

the-externalities-of-dns-configuration

According to a recent study by DNS appliance maker Infoblox, over 50% of the Internet's domain name servers allow recursive name services - requiring a name server to relay requests to other name servers. If an attacker "poisons" the list of name servers, users are directed to a fake site, even if they manually enter the correct web-address.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom