Economic perspective of information security

There are a lot of interesting questions in information security. Do we spend enough or too much on information security? How much do we spend towards the security system? Are the products effective to defend all the possible attacks? Do they meet the special interests of the company? What is the most applicable security combination system to the specific industry? To answer these questions, we no longer regard information security as a pure issue of IT industry We may use economic theories to solve these issues respectively. The strategic and tactical decisions that face information securities are essentially economic in nature. In this paper, Nash Equilibrium [8], one of the most important theories in modern economics, along with Bayesian Equilibrium [6] will be applied to our model of economic perspective of information security. It will mainly focus on how to find the most cost-effective information security products (either one product or combination of them).