Cybersecurity Economics: Induced Risks, Latent Costs, and Possible Controls

ABSTRACT

Financial decisions indirectly affect and are affected by the effort towards Information Security. The ‘Economics of Cybersecurity’ should thus constitute a significant part of the Information Security Posture Assessment process and should be directly addressed in this context. As the complexity and interdependency of Information Systems augments and new technologies lead to the de-materialisation of Information Systems assets, it becomes progressively evident that the conflicting interests and incentives of the various stakeholders of an Information System affect its overall Information Security Posture, perhaps even more significantly than technical or policy limitations do. This paper examines economic considerations from an Information Systems Security/Cybersecurity viewpoint and proposes new directions that may both help reduce the problem from a collective point of view, as well as lead to the creation of methodologies to ultimately integrate economics, along with technical and non-technical issues, into an Organisation’s Information Security Posture Assessment process.


AUTHORS

School of Computing, UNISA, Pretoria
South Africa

Evangelos D. Frangopoulos holds M.Sc. Degrees in Electrical Engineering from Rensselaer Polytechnic Institute, Troy, New York and in Information Systems from UNISA, Pretoria, South Africa. He is a full-time Information Security Professional and is also pursuing a Ph.D. at UNISA. He is a member of IFIP’s TC 11.12 and his research is mainly focused on the human aspects of information security and assurance.

Institute for Corporate Citizenship, College of Economic and Management Sciences, UNISA, Pretoria
South Africa

Mariki M. Eloff received a PhD Computer Science degree in 2000 from the then Rand Afrikaans University, South Africa, now known as the University of Johannesburg. In October 2002, she was appointed as an associate professor in the School of Computing at UNISA. In July 2009, she was promoted to full professor. She joined the Institute of Corporate Citizenship at UNISA as chief researcher in August 2012. In 2010, she received the UNISA Women in Research award for Research Leadership. She participated in many information security management research projects. She has presented research papers at international and national conferences, mostly focusing on information security. She has assisted in the organisation and management of international conferences in information security. She served as the South African representative on the International Standards Organisation (ISO) from 2005 to 2007 and contributed to the development of computer and information security standards on an international level.

Institutional Director: Research Support;
Extraordinary Professor: Computer Science and Information Systems, North-West University, Potchefstroom
South Africa

Lucas M. Venter is the Institutional Director of Research Support at the North-West University, South Africa, and also Professor Extraordinarius of Computer Science. He previously held positions in Computer Science at the University of South Africa (Director: School of Computing) and in Mathematics and Computer Science at the Potchefstroom University (PUCHE), South Africa. He also served one semester as visiting researcher at the University of Texas at El Paso.  His current research interests include the human aspects of information security, and the measurement of quality of research outputs.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com