Category Archives: Security
Data breaches matter...in the short term
In the past, a few studies addressed the problem of understanding the impact of a data breach suffered by a company on the company's value (see, e.g. the paper "The effect of internet security breach announcements on market value" by Cavusoglu … Continue reading
Some old data on data breaches
Data breaches are always a concern, so that data on their diffusion and ensuing damages are always welcome. I've just read a recently published paper on the subject: "Towards a Model for Data Breaches: An Universal Problem for the Public". … Continue reading
The Annual Privacy Forum 2014
Last week I was in Athens to attend the Annual Privacy Forum, jointly organized by a mixed set of organizations: ENISA (the European Union Agency for Network and Information Security), the European Commission (Directorate General for Communications Networks, Content and Technology), … Continue reading
The right price for our personal data
For a long time academic researchers have tried to understand how much people value their privacy, i.e., their personal data in a panorama where information about customers' habits and attitudes is the key to more profitable business. The answers have … Continue reading
A look at GECON 2013
Last month I have attended the GECON 2013 conference. The long name of the conference is The 10th International Conference on Economics of Grids, Clouds, Systems, and Services. Very well hosted by the colleagues at the University of Zaragoza in Spain, … Continue reading
The role of customers in data breach events and security investments
In the most established model to evaluate the effectiveness of security investments by Gordon and Loeb, the probability of data breaches is represented as a function of investments only. The more the company invests to protect the data of its … Continue reading
If the provider has to compensate for data breaches...
....revenues can be the right basis to do it. Proposals for holding the service provider liable for damages suffered by its customers due to data breaches have been submitted in the past. In our papers "Liability for Data Breaches: A … Continue reading
Our paper on security investment accepted at NSS conference
Our paper "Liability for data breaches: a proposal for a revenue-based sanctioning approach", concerning the use of sanctions to spur security investments, has been accepted for presentation at the 7th International Conference on Network and System Security (NSS 2013), to be … Continue reading
Lack of cloud security may add hidden costs...
In a video interview, Char Sample, CERT security solutions engineer, highlights security problems in clouds and suggests that the search for efficiency and cost reduction may lead to the cloud being prone to attacks, so that cloud migration may not be … Continue reading