Abstract

https://ssrn.com/abstract=1000369
 
 

References (25)



 
 

Citations (10)



 


 



Sharing Information on Computer Systems Security: An Economic Analysis


Lawrence A. Gordon


University of Maryland - Department of Accounting & Information Assurance

Martin P. Loeb


University of Maryland - Robert H. Smith School of Business

William Lucyshyn


University of Maryland - Center for Public Policy and Private Enterprise


Journal of Accounting and Public Policy, Vol. 22, No. 6, 2003

Abstract:     
The US federal government has fostered a movement toward sharing information concerning computer security, with particular emphasis on protecting critical infrastructure assets that are largely owned by the private sector. As information security is paramount to accurate financial reporting and the provision of timely and relevant managerial accounting reports for decision-making, the issue of sharing information on computer systems security has direct relevance to accounting, as well as to public policy. This paper presents a model to examine the welfare economic implications of this movement. In the absence of information sharing, each firm independently sets its information security expenditures at a level where the marginal benefits equal the marginal costs. It is shown that when information is shared, each firm reduces the amount spent on information security activities. Nevertheless, information sharing can lead to an increased level of information security. The paper provides necessary and sufficient conditions for information sharing to lead to an increased (decreased) level of information security. The level of information security that would be optimal for a firm in the absence of information sharing can be attained by the firm at a lesser cost when computer security information is shared. Hence, sharing provides benefits to each firm and total welfare also increases. However, in the absence of appropriate incentive mechanisms, each firm will attempt to free ride on the security expenditures of other firms (i.e., renege from the sharing agreement and refuse to share information). This latter situation results in the underinvestment of information security. Thus, appropriate incentive mechanisms are necessary for increases in both firm-level profits and social welfare to be realized from information sharing arrangements.

Number of Pages in PDF File: 39

Keywords: Information sharing, Cyber security, Information security economics, Homeland security


Open PDF in Browser Download This Paper

Date posted: July 16, 2007  

Suggested Citation

Gordon, Lawrence A. and Loeb, Martin P. and Lucyshyn, William, Sharing Information on Computer Systems Security: An Economic Analysis. Journal of Accounting and Public Policy, Vol. 22, No. 6, 2003. Available at SSRN: https://ssrn.com/abstract=1000369

Contact Information

Lawrence A. Gordon (Contact Author)
University of Maryland - Department of Accounting & Information Assurance ( email )
Robert H. Smith School of Business
College Park, MD 20742-9157
United States
Martin P. Loeb
University of Maryland - Robert H. Smith School of Business ( email )
Robert H. Smith School of Business
College Park, MD 20742-1815
United States
301-405-2209 (Phone)
301-314-9157 (Fax)
William Lucyshyn
University of Maryland - Center for Public Policy and Private Enterprise ( email )
College Park, MD 20742-1815
United States
301 405-8257 (Phone)
Feedback to SSRN


Paper statistics
Abstract Views: 2,273
Downloads: 475
Download Rank: 45,580
References:  25
Citations:  10