The Need for Public Policy Interventions in Information Security

David Pym, Joe Swierzbinski, Julian Williams

Research output: Working paper

64 Downloads (Pure)


Should public policy-makers set minimum levels of behaviour for individuals
and corporations regarding information security policies and investments?
We consider a model in which a finite number of targets are at risk of attack, attacks
are costly, and have a finite probability of success. One important innovation is an
explicit model of the decisions of potential attackers on whether to mount attacks.
The model shows how the behaviour of attackers and the nature of the technological
environment can create a role for a policy-maker to coordinate optimal minimum
levels of protective expenditure for firms.
Original languageEnglish
Place of PublicationAberdeen
PublisherUniversity of Aberdeen
Number of pages23
Publication statusPublished - 2013


Dive into the research topics of 'The Need for Public Policy Interventions in Information Security'. Together they form a unique fingerprint.

Cite this