Position Paper

file

Visible to the public Competitive Cyber-Insurance and Internet Security

Submitted by galina.schwartz on Wed, 11/17/2010 - 12:54pm. Contributors:

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given.

file

Visible to the public Can Competitive Insurers Improve Network Security?

Submitted by galina.schwartz on Wed, 11/10/2010 - 1:53pm. Contributors:

The interdependent nature of security on the Internet causes a negative externality that results in under-investment in technology-based defences.  Previous research suggests that, in such an environment, cyber-insurers affect network security and user welfare.  We utilize a general setting, where the network is populated by identical users with arbitrary risk-aversion and network security is costly for the users.  In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security.

file

Visible to the public Scarcity of User Information and the Link Between Computer Security and Reliability

Submitted by galina.schwartz on Wed, 11/10/2010 - 1:40pm. Contributors:

This paper studies manufacturer incentives to invest in the improvement of reliability and security of a software system when (i) reliability and security failures are caused by the same errors in the development of the software components and (ii) naive users find it too costly to distinguish between these two classes of system failures.We trace the effects of these informational imperfections and discuss how the resulting supply and demand externalities affect manufacturer investments.

file

Visible to the public Nudging Privacy- The Behavioral Economics of Personal Information

Submitted by Acquisti Alessandro on Wed, 11/10/2010 - 1:25pm. Contributors:

What is it that pushes us to seek fame by misconduct or publicity by sharing embarrassing information with strangers? How do we reconcile these desires with the apparent need for privacy that surveys keep finding so widespread among the American population? In short, what drives individuals to reveal, and to hide, information about themselves to and from others?

file

Visible to the public Is Finding Security Holes a Good Idea?

Submitted by TimTh on Wed, 11/10/2010 - 1:04pm. Contributor:

A large amount of effort is expended every year on finding and patching security holes.  The underlying rationale for this activity is that it increases welfare by decreasing the number of vulnerabilities available for discovery and exploitation by bad guys, thus reducing the total cost of instrusions.  Given the amount of effort expended, we would expect to see noticeable results in terms of improved software quality.