Skip to main content

The WiKID Blog

Viewing posts tagged Security and Economics

on-the-short-tenure-of-cisos-and-low-frequency

I came across this post which pointed to this article on how to hedge funds can write a series of naked puts on low-probability events and look like geniuses. I have equated this to the information security market before and I have pointed out other posts about low-frequency, high-impact events.

How-much-to-spend-on-data-breach-protection

In a previous post, I discussed how much to spend on information security based on Gordon & Loeb's book Managing Cybersecurity Resources: A Cost-Benefit Analysis. The crux: spend no more than 37% of your expected loss.

How-to-get-an-unlimited-information-security

In the past, I have blogged about how much to budget for info sec, how information security creates value for a company, and other posts designed to help info sec personnel make their case. Well, now I have decided that that is all bunk compared to the advice I am about to give. The new tactic: Bribery.

marginal-revolution-on-vaccinations

Kiss me, I'm vaccinated:

People who have the flu spread the virus so getting a flu shot not only reduces the probability that I will get the flu it reduces the probability that you will get the flu. In the language of economics the flu shot creates an external benefit, a benefit to other people not captured by the person who paid the costs of getting the shot. The external benefits of a flu shot can be quite large. Under some conditions each person who is vaccinated reduces the expected number of other people who get the flu by 1.5.
Perhaps we have been taking the wrong tack thinking about how to punish PC users who have malware on their machines.. Maybe offering additional benefits to users with verifiable security mechanisms is a better solution. Maybe one of those benefits would be access to IRC channels often used by malware to contact their controller.

software-liability-a-bad-idea-that-will-come-too

Time for me to weigh in on the subject of liability for software bugs. Bruce Schneier posted about it here, and Pete Lindstrom responded here. I agree with Lindstrom. It is an incredibly bad idea. Software liability laws will increase the costs of software development so high that it will drive small firms from the market, reduce customer choice resulting in less choice, less innovation and even worse software.

Recent Posts

Archive

2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom