Security Audits Revisited
Author
Abstract
Security audits with subsequent certification appear to be the tool of choice to cure failures in providing the right level of security between different interacting parties, e.g., between an outsourcing provider and its clients. Our game-theoretic analysis scrutinizes this view and identifies conditions under which security audits are most effective, and when they are not. We find that basic audits are hardly ever useful, and in general, the thoroughness of security audits needs to be carefully tailored to the situation. Technical, managerial, and policy implications for voluntary, mandatory, unilateral, and bilateral security audits are discussed. The analysis is based on a model of interdependent security which takes as parameters the efficiency of security investment in reducing individual risk, the degree of interdependence as a measure of interconnectedness, and the thoroughness of the security audit.
Similar resources
Wann sind IT-Security-Audits nützlich?
ABSTRACT Information technology simplifies the interconnection of economic units and thereby increases the dependence of individual economic actors on others. This leads not only to new risks but also to new incentive structures in risk management. In the literature and in practice, IT security audits are often cited in the abstract as a means against free riders, who ... measures for risk...
The Role of Dice in Election Audits – Extended Abstract
Random audits are a powerful technique for statistically verifying that an election was tabulated correctly. Audits are especially useful for checking the correctness of electronic voting machines when used in conjunction with a voter-verified paper audit trail (VVPAT). While laws in many states already require election audits, they generally do not address the procedure for generating the rand...
Aaron Burstein, Joseph Lorenzo Hall and Margaret Chen Brennan Center for Justice at New York University School of Law and the
Random audits are a powerful technique for statistically verifying that an election was tabulated correctly. Audits are especially useful for checking the correctness of electronic voting machines when used in conjunction with a voter-verified paper audit trail (VVPAT). While laws in many states already require election audits, they generally do not address the procedure for generating the rand...
The Economics of Mandatory Security Breach Reporting to Authorities
Legislators in many countries enact security breach notification regulation to address a lack of information security. The laws designate authorities to collect breach reports and advise firms. We devise a principal–agent model to analyze the economic effect of mandatory security breach reporting to authorities. The model assumes that firms (agents) have few incentives to unilaterally report br...
Intrusion Detection and Information Security Audits
The rapid expansion and dramatic advances in information technology in recent years have without question generated tremendous benefits to business and organizations. At the same time, this expansion has created significant, unprecedented risks to organization operations. Computer security has, in turn, become much more important as organizations utilize information systems and security measure...
Publication date 2012