Martin P. Loeb
ˇ@
Deloitte & Touche Faculty Fellow
Van Munching Hall 3351
Robert H. Smith School of Business
The University of Maryland
College Park, MD 20742, USA
Phone: (301) 405-2209

ˇ@

Book

Managing Cybersecurity Resources: A Cost-Benefit Analysis

INFORMATION SHARING & COMPUTER SECURITY

ˇ@

The U.S. federal government has fostered a movement toward sharing information concerning computer security, with particular emphasis on protecting critical infrastructure assets that are largely owned by the private sector. This paper presents a model to examine the welfare economic implications of this movement. It is shown that, since information sharing lowers the cost of each firm attaining any given level of information security, there are potential benefits for individual firms and society at large from sharing. However, it is also shown that in the absence of appropriate economic incentive mechanisms, each firm will attempt to free ride on the security expenditures of other firms (i.e., renege from the sharing agreement and refuse to share information).

ˇ@

ˇ@

ˇ@