Computer Laboratory, University of Cambridge, 15 JJ Thomson Avenue, Cambridge CB3 0FD, UK.
Philos Trans A Math Phys Eng Sci. 2009 Jul 13;367(1898):2717-27. doi: 10.1098/rsta.2009.0027.
Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems: one that is both principled and effective.