nach oben

Erschienen in:

2009 | OriginalPaper | Buchkapitel

3. Security Economics and European Policy

verfasst von : Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore

Erschienen in: Managing Information Risk and the Economics of Security

Verlag: Springer US

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This chapter presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Nonbanks and Risk in Retail Payments: EU and U.S.

Nächstes Kapitel BORIS –Business ORiented management of Information Security

“Security Economics and the Internal Market”, available at http://www.enisa.europa.eu/doc/pdf/report_sec_econ_&_int_mark_20080131.pdf.

http://www.ncsl.org/programs/lis/cip/priv/breach.htm.

http://www.openstreetmap.org

http://www.securityfocus.com/archive/1.

Acquisti, A., Friedman, A., and Telang, R. “Is There a Cost to Privacy Breaches? An Event Study”, in 5th Workshop on the Economics of Information Security (WEIS), Cambridge, United Kingdom, 2006June.

Akerlof, G. “The Market for ‘Lemons’: Quality Uncertainty and the Market Mechanism”. Quart. J. Economics (84), 1970, pp. 488–500.CrossRef

Anderson, N. “German ‘Anti-Hacker’ Law Forces Hacker Sites to Relocate”. Ars Technica, 14 August 2007. http://arstechnica.com/news.ars/post/20070814-german-anti-hacker- law-forcing-hacker-sites-to-relocate.html

Anderson, R., and Moore, T. “The Economics of Information Security”, Science (314:5799), 2006, pp. 610–613October.CrossRef

APACS. “Card Fraud Losses Continue to Fall”, Press Release, APACS, 14 March 2007.http://www.apacs.org.uk/media_centre/press/07_14_03.html

Arora, A., Krishnan, R., Telang, R., and Yang, Y. “An Empirical Analysis of Vendor Response to DisclosurePolicy”, in 4th WEIS, Cambridge, Massachusetts, 2005June.

BBC. “Devices Attached to Cash Machines”, BBC News, 15 October 2007.http://news.bbc. co.uk/1/hi/england/cambridgeshire/7044894.stm

California State Senate. Assembly Bill 700, 2002. http://info.sen.ca.gov/pub/01-02/bill/asm/ ab_0651-0700/ab_700_bill_20020929_chaptered.pdf

Casper, C. “Examining the Feasibility of a Data Collection Framework”, ENISA, February 2008.

Cavusoʇlu, H., Cavusoʇlu, H., and Zhang, J. “Economics of Patch Management”, in 5th WEIS, Cambridge, United Kingdom, 2006June.

Clayton, R. “Hacking Tools are Legal for a Little Longer”, Light Blue Touchpaper, 19 June 2007. http://www.lightbluetouchpaper.org/2007/06/19/hacking-tools-are-legal-for-a-little- longer/

Computer Security Institute. “The 12th Annual Computer Crime and Security Survey”, October 2007. http://www.gocsi.com/

Council of Europe. Convention on Cybercrime, CETS 185, November 2001.http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CL=ENG

Edelman, B. “Advertisers Using WhenU”, July 2004. http://www.benedelman.org/spyware/ whenu-advertisers/

Edelman, B. “Spyware: Research, Testing, Legislation, and Suits”, June 2008.http:/www. benedelman.org/spyware/

van Eeten, M., and Bauer, J. “The Economics of Malware: Security Decisions, Incentives and Externalities”, OECD, May 2008. http://www.oecd.org/dataoecd/25/2/40679279.pdf

European Commission. “i2010 Benchmarking Framework”, November 2006.http://ec. europa.eu/information_society/eeurope/i2010/docs/benchmarking/060220_i2010_Benchmarking_Framework_final_nov_2006.doc

European Commission. “Report on the Outcome of the Review of the EU Regulatory Framework for Electronic Communications Networks and Services in Accordance with Directive 2002/21/EC and Summary of the 2007 Reform Proposals”, November 2007. http://ec.europa.eu/information_society/policy/ecomm/doc/library/proposals/com_review_en.pdf

European Economic Community. “Council Directive of 25 July 1985 on the Approximation of the Laws, Regulations and Administrative Provisions of the Member States Concerning Liabilityfor Defective Products (85/374/EEC)”, July 1985.

European Union. “Directive 93/13/EEC of 5 April 1993 on Unfair Terms in Consumer Contracts”, April 1993. http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31993L0013&model=guichett

European Union. “Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications)”, July 2002. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri= CELEX:32002L0058:EN:HTML

European Union. “Directive 2006/123/EC of the European Parliament and of the Council of of 12 December 2006 on Services in the Internal Market”, December 2006. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:376:0036:0068:EN:PDF

European Union. “Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on Payment Services in the Internal Market Amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and Repealing Directive 97/5/EC Text with EEA Relevance”, November 2007. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2007:319:0001:01:EN:HTML

House of Lords Science and Technology Committee. Personal Internet Security, 5th Report of 2006—07, The Stationery Office, London, August 2007.

D’Ignazio, A., and Giovannetti, E. “Spatial Dispersion of Peering Clusters in the European Internet”, Cambridge Working Papers in Economics 0601, January 2006.http:// econpapers.repec.org/paper/camcamdae/0601.htm

D’Ignazio, A., and Giovannetti, E. “‘Unfair’ Discrimination in Two-sided Peering? Evidence from LINX”, Cambridge Working Papers in Economics 0621, February 2006.http://econpapers.repec.org/paper/camcamdae/0621.htm

Jakobsson, M., and Ramzan Z. Crimeware: Understanding New Attacks and Defenses, Addison Wesley, Upper Saddle River, New Jersey, 2008.

McPherson, D., Labovitz, C., and Hollyman, M. “Worldwide Infrastructure Security Report Volume III”, Arbor Networks, 2007. http://www.arbornetworks.com/report

Moore, T., and Clayton, R. “Examining the Impact of Website Take-down on Phishing” in 2nd Anti-Phishing Working Group eCrime Researcher’s Summit (APWG eCrime), Pittsburgh, Pennsylvania, October 2007, pp. 1—13.

OpenDNS. “OpenDNS Shares April 2007 PhishTank Statistics”, Press Release, 1 May 2007. http://www.opendns.com/about/press_release.php?id=14

Pitcom. “Critical National Infrastructure, Briefings for Parliamentarians on the Politics of Information Technology”, November 2006. http://www.pitcom.org.uk/briefings/ PitComms1-CNI.doc

Serjantov, A., and Clayton, R. “Modelling Incentives for E-mail Blocking Strategies”, in 4th WEIS, Cambridge, Massachusetts, 2005June.

Shapiro, C., and Varian, H. Information Rules. A Strategic Guide to the Network Economy, Harvard Business School Press, Boston, Massachusetts, 1999.

Symantec. “Internet Security Threat Report Volume XII”, September 2007. http://www. symantec. com/business/theme.jsp?themeid=threatreport

Zetter, K. “Router Flaw is a Ticking Bomb”, Wired, 1 August 2005. http://www.wired. com/politics/security/news/2005/08/68365

Zhuge, J., Holz, T., Han, X., Guo, J., and Zou, W. “Characterizing the IRC-based BotnetPhenomenon”, Reihe Informatik Technical Report TR-2007-010, December 2007.http://honeyblog.org/junkyard/reports/botnet-china-TR.pdf

Titel: Security Economics and European Policy
verfasst von: Ross Anderson
Rainer Böhme
Richard Clayton
Tyler Moore
Verlag: Springer US
Buch: Managing Information Risk and the Economics of Security
Print ISBN: 978-0-387-09761-9

Electronic ISBN: 978-0-387-09762-6

Copyright-Jahr: 2009
DOI: https://doi.org/10.1007/978-0-387-09762-6_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner