“Economics of IT Security Management” Essay

2775 words - 12 pages

“Economics of IT Security Management”

1) The article questions the loss estimate obtained from the CSI/FBI security surveys, since they exclude some categories of costs associated with security breaches. It suggests that a cost estimate based on the loss in capital markets as a result of a security breach may serve as a proxy for the true cost of security breaches.

a. What do you think about the quality of this cost estimate? Can you think of better ways to capture true cost of security breaches?

Although I can see the benefit to utilizing capital market losses as a basis for estimating the true costs of a security breach because it attempts to capture the intangible costs of a breach, ...

The more ways I have mulled over of offering a more accurate estimate of the true cost of security breaches, the more I come to the conclusion that methods that seek to capture the most accurate reflection of the true cost of security breaches are all going to suffer from the same problems: when trying to calculate intangible long-term costs, attribution biases and overlap cannot be completely eliminated. Yes, we could actually take into account the cost of lawsuits, increased insurance and loan rates, the loss of revenue between periods, and even loss of key business partners, but at the end of the day it isn’t possible to eliminate all uncertainty as to the source of these losses.

Perhaps the one thing I would suggest is that a more accurate estimate of the costs of security breaches might take into account not only capital market changes but also a standard percentage increase for unreported events based on a company’s size, business model and quality of security infrastructure.

b. What factors can play an important role in determining the amount of reaction in capital markets as a result of a security breach?

Public perception of a company’s reaction to a breach, as well as of its ability to prevent future attacks, plays a significant role in the reaction of capital markets to any security breach.

A firm’s reaction to a breach may include such things as the speed with which a firm identifies the scope of and potential damage caused by an attack, the speed with which potential victims are notified and the treatment of those potentially harmed by it. If a firm fails to identify the problem in a timely manner, it is likely to lose public confidence and capital markets will reflect this; if communications are not timely and well crafted, customers may feel ignored, that the company lacks concern for their privacy, or worse, that the firm willfully hid a breach. Each of these will prompt capital markets to react negatively.

A company’s ability to deal with future attacks also plays a significant role in determining the market reaction to a breach. For example, a firm that is breached, but has in place industry “standard” security protocols and moves quickly to upgrade its systems to account for an identified weakness, is likely to still suffer initial losses from the event, but recoup those losses in the near term, because it has addressed the key issue that drives consumer/investor action: uncertainty.

Additional factors that play a role in the reaction of capital markets to security breaches include factors such as the composition and size of the business. “Pure play” or Internet-only businesses tend to suffer greater market share losses, regardless of their response in the aftermath, than conventional businesses. Given the interconnected nature of internet businesses and thus their greater exposure to risk than their traditional counterparts, this is understandable. Traditional businesses have the advantage of...
