Adam Smith is to Blame for that user Authentication Failure: The ‘Economics of Security’ Effect on the Security and Usability of IT Systems
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Information Security and Microeconomics are at first view two separate disciplines. But as Ross Anderson at the University of Cambridge first showed, the two can work seamlessly together to improve the protection of digital data. In this thesis the work of Anderson and his colleagues on encountering information security not with a mere technical approach but from a microeconomics perspective will be reviewed and analyzed. It will be revealed that information asymmetries, externalities, moral hazard effects and lack of proper incentive strategies can heavily affect information security. Having this as a basis, information security will be extended to the notion of the public good and it will be showed that information security almost always is about the public and not the private. The problems of enforcing the security in information will be examined and a way of managing information security as a public commodity will be proposed having at its epicentre the idea of uniformity. Finally, two case studies in information security will be deployed and analyzed according to the theory of microeconomics and it will be shown that flaws in the security and usability of IT systems can be anticipated if the role of microeconomics in information security is acknowledged ex ante.
Place, publisher, year, edition, pages
2015. , 57 p.
Technology, Information security, Microeconomics, Asymmetric information, Externalities, Uniformity, Incentives
IdentifiersURN: urn:nbn:se:ltu:diva-45176Local ID: 2e78d216-9bf5-492f-92e3-0b6b9156ce71OAI: oai:DiVA.org:ltu-45176DiVA: diva2:1018460
Subject / course
Student thesis, at least 30 credits
Information Security, master's level
Validerat; 20150626 (global_studentproject_submitter)2016-10-042016-10-04Bibliographically approved