The interested reader must be warned from the beginning: this is not a book dedicated only to information security (IS) in the information technology (IT) field. Rather, it covers many other aspects of IS, in different industrial areas. In addition, this is not a book full of analytical financial formulas about how to use budgets to address security issues. Instead, it is focused on modern ways of managing many things: information as an asset; information security; IT and its microeconomy, with financial management aspects; computer networks and systems security; economics; and specific regulatory issues, all together addressing the generic topics of IS.
Usually, managers and other people involved in the IS field are concerned with the IT aspects of IS, seeking to solve problems that threaten IT infrastructures, using modern hardware and software solutions, while economic aspects are sometimes neglected. IT services exist to support the organization, and IT budget expenditures must reflect the reality of IS support. Because of this, few managers are concerned with the problems of IS in financial management terms. As the most important asset of the modern organization, information must be secured in many ways, while these applied methods and their consequences must reflect the corporate leader’s vision for the financial planning, support, maintenance, and leverage of the IS infrastructure.
This book addresses the issues outlined above, taking an economic viewpoint, and discussing how to take advantage of this very important aspect of IS and IT to implement long-term goals. There are many other books about how to become a good IS manager, an expert auditor, or a certified security professional, but this one presents economic tools to solve IS problems that really might occur in computer networks, general IT infrastructures, large corporations using strategic data and information warehouses, Internet communications and their contents, and other IT products and services.
Twenty separate papers are presented, introducing the reader to the specific aspects of: a mathematical theory of system reliability for IS; pricing security; IS standards and their setting; computer security failures; cryptography and competition policy; control of governance; the paradigm of digital rights management systems’ trusted computing; the economics of the pirated environment; protecting content; the economics of IT security management; assessing the total cost of security breaches; assessing the value of security controls; intrusion detection systems; the effective level of investment; the evaluation of damages after information systems security incidents; sharing IS and its economic consequences; IS investment economics; the value of privacy; attitudes and behavior relative to privacy; identity theft models of privacy economics; information flow in the IS market; the privacy and security of personal information; the foundations of security technoeconomics; the role and classification of security lock-in, with examples from the US cable industry, and video gaming and printer cartridge industries; secure technologies in legacy markets, emphasizing secure shell success; cognitive hacking, and intelligence and security informatics; perception management; semantic attacks and information warfare; deception detection, with many examples; digital government and cognitive hacking countermeasures; and analyzing and evaluating security systems, technologies, and practices through a five-step process.
The book is well suited for IS managers, chief information officers (CIOs), certified information security professionals, and teachers of economics for IS, as well as for students of IT security and IS management. Each chapter includes references, Web links for more detailed information, practical models, and industry examples. Do not miss this book if you are an IS manager interested in the economics of IS.
