A while ago I obtained a paper by Ross Anderson entitled “Why Information Security is Hard – An Economic Perspective”. I don’t remember where I first encountered the paper but it was likely from TaoSecurity or Bruce Schneier. I finally got around to reading the paper and found it a very interesting read. I’ll probably read it again. The author concludes the paper with:
In other words, the management of information security is a much deeper and more political problem than is usually realized; solutions are likely to be subtle and partial, while many simplistic technical approaches are bound to fail. The time has come for engineers, economists, lawyers and policymakers to try to forge common approaches.