The Economics of Information Security Ross Anderson and Tyler Moore University of Cambridge, Computer Laboratory 15 JJ Thomson Avenue, Cambridge CB3 0FD, United Kingdom firstname.lastname@cl.cam.ac.uk Abstract
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, we find that incentives are becoming as important as technical design in achieving dependability. The new field provides valuable insights not just into ‘security’ topics (such as bugs, spam, phishing, and law enforcement strategy) but into more general areas such as the design of peer-to-peer systems, the optimal balance of effort by programmers and testers, why privacy gets eroded, and the politics of digital rights management.