Assignment
Read the assigned articles in D2L. Answer the questions below. The answers must demonstrate that you have substantively engaged with the material and you haven't simply goggled the question and copy/pasted the answer.
1. Why don't people immediately install software patches?
2. Who makes decisions that have cybersecurity effects?
3. Scenario: A patch is released for a critical security flaw in a system Alice manages. What are the benefits to the organization of installing the patch? What are the costs?
4. Scenario: Bob gets a new laptop. After he installs all the latest patches, he wonders if he should install his organization's recommended virus scanner. What are the potential costs? What are the potential benefits?
5. What are the economic incentives for cybercrime?
6. What are the economic incentives for cybersecurity?
7. Who makes decisions in cybersecurity, and what kinds of decisions do they make? Are there people who weren't discussed in class?
8. Are there people who don't make cybersecurity decisions?
9. An economist recently argued that the cost of cyberattacks is so low compared to the amount of money people spend on cybersecurity, and therefore companies should not spend money on cybersecurity. Instead, they should take the cost of the attack and pay to clean up. What is wrong with this argument? What is useful about it?
10. What are some non-monetary incentives for hacking? Why do people hack?
Simulation 1
You are the Chief Information Security Officer of a small company. You have a set of controls that let you set the level of password complexity required and what websites are not allowed on company computers.
After you set the security policy for a day, hit the submit button, and you will see the consequences of that policy, both in emails from users/stakeholders and in sales.
Use the simulation tool to try different security policies. Observe what the consequences are for different combinations of policies. Answer the questions listed below.
1. What happens when you set policies to be extremely stringent?
2. What happens when you set policies to be extremely lenient?
3. What other situations in a business context might show the same kinds of tradeoffs?
4. What situations in a home computer environment might show the same kinds of tradeoffs?
5. What indicators can a person who is trying to assess security policy use to tell if that policy is having the intended effect?
6. What, if anything, happened that you did not expect to happen in this simulation?
Articles:
1. Cybersecurity: Stakeholder incentives, externalities, and policy options by Johannes M. Bauer and Michel J.G. van Eeten.
2. The Economics of Information Security by Ross Anderson and Tyler Moore.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.