Drivers, Metrics and Best Practices for Information Security

摘要

Information security is one of the top problems of business executive and information system managers alike. Pervasive use of information technology in all aspects of business today as well as highlighted need for regulatory compliance calls for analysis of information systems in their entirety - going beyond technical aspects and considering people and organizations as well. In my dissertation, I am studying the motivations and incentives of parties involved in information security interactions using economic analysis. I propose to identify the drivers of information security decisions, metrics of information security effectiveness and incentive mechanisms that make security policies work. I employ tools of economics and game theory as well as analyze empirical information security performance data collected in collaboration with a major IT security service provider.