Description: Practitioners of information security often look to the models and tools provided by economics in order to explain the types of controls that are most effective at limiting the impact of security exposures, ideally deterring attacks completely. For example, the idea that attackers are economically rational is attractive; our resources are limited so we seek to add controls (friction) where they will be most useful, i.e. making an attack "cost" more than the utility an attacker gets out of launching a successful exploit.
In this session we'll discuss how the application of economic theories has been playing out in the real world, and which ideas are the most important to consider when building security controls into a system. In particular, we'll discuss some principles of game theory, behavioral economics, and the design of incentive structures.
Allison Miller manages the Security and Risk Management team at Tagged, the leading social network for meeting new people. Allison has over 10 years of experience in designing, building and deploying real-time threat detection and prevention systems. Miller is active in the security community and presents research on fraud prevention and account security issues regularly to both industry and government audiences, including the ITWeb Security Summit, Black Hat Briefings, SOURCE Conferences (Boston, Barcelona, Seattle), USENIX/Metricon, and RSA. Prior to joining Tagged, Miller led PayPal's Account Risk & Security team and was Director of Product & Technology Risk at Visa International.
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source: http://www.youtube.com/watch?v=_5gEQFEKtsw