 A Cost-Benefit Approach to Optimizing Security Precaution AdoptionNoa Barnir, Neil Gandal, Tyler Moore and Vincent Scott No 21220, CEPR Discussion Papers from Centre for Economic Policy Research Abstract: All U.S defense contractors were required to have fully implemented the 110 security requirements included in NIST Special Publication 800-171 entitled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations†by 1 January 2018 whenever a system owned, or operated by or for, a contractor processes, stores, or transmits controlled unclassified information (CUI). Despite the mandate, adoption has been minimal, mostly because the requirement is so costly and time-consuming that medium and small firms cannot afford to comply. Since the adoption of security precautions is costly and time-consuming, in this paper, we propose a constrained optimization methodology to examine this issue. Date: 2026-02 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:cpr:ceprdp:21220 Ordering information: This working paper can be ordered from Access Statistics for this paper More papers in CEPR Discussion Papers from Centre for Economic Policy Research 33 Great Sutton Street, London EC1V 0DX, UK. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.