InformationWeek

As any victim of a significant information security attack will tell you, there's a financial dimension to cybercrimes. Even those companies intent on not becoming victims pay a hefty price--security measures are costly, and so are the salaries of the IT professionals who manage them.

Unfortunately, relatively little attention has been paid to the economics of information security, even in "applied" areas of economics such as capital finance. Increasingly, though, economists have turned their sights on information security. Bottom line: economists have some tools in their kitbag that we can and should borrow.

This TechWebCast will present an overview of considerations from economics and corporate finance that seem ripe for use in the security realm, along with a look at the planning benefits to be derived from economics-based approaches.

Discussion points:

• A large percentage of information security managers do not use Net Present Value (NPV) or Internal Rate of Return (IRR) type analyses when arguing for security investments -- yet, security professionals could help themselves with better tools used correctly.



• Not all security breaches are costly. Learn which kinds of incidents are minor and which make a corporation feel the pain.



• There seems to be the belief that sharing information related to security is going to benefit the parties joining in such sharing arrangements, but without the appropriate economic incentives, this belief seems to be wrong.



• There are several other basic notions from economics (the concept of market externalities, for instance) that may yield useful insights in considering information security issues.



• Real-world examples and advice about applying economics to security issues.

Log on from your office to participate in this interactive discussion on the latest thinking about the economics of information security.