Making the Best Use of Cybersecurity Economic Models: Difference between revisions
| Line 15: | Line 15: | ||
==Key Words== | ==Key Words== | ||
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas# | [http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Risk_Modeling risk modeling] | ||
==Synopsis== | ==Synopsis== | ||
Revision as of 12:20, 9 June 2010
Full Title of Reference
Full Citation
Rachel Rue and Shari Lawrence Pfleeger, Making the Best Use of Cybersecurity Economic Models, 7 IEEE Security and Privacy 4 (2009). Purchase
Categorization
Issues: Metrics
Issues: Risk management and investment
Key Words
Synopsis
This article describes an analysis of several representative cybersecurity economic models, where the authors seek to determine whether each model's underlying assumptions are realistic and useful. They find that many of the assumptions are the same across disparate models, and most assumptions are far from realistic. They recommend several changes so that the predictions from economic models can be more relevant and useful.
Additional Notes and Highlights
Both authors are from RAND corporation. Their article provides a useful overview of the main models for modeling cybersecurity risks, as well as a stimulating critical approach to these models.