EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Negligence and sanctions in information security investments in a cloud environment

Maurizio Naldi, Marta Flamini () and Giuseppe D’Acquisto ()
Additional contact information
Marta Flamini: Università Telematica Internazionale UNINETTUNO
Giuseppe D’Acquisto: University of Rome Tor Vergata

Electronic Markets, 2018, vol. 28, issue 1, No 4, 39-52

Abstract: Abstract The Learned Hand’s rule, comparing security investments against the expected loss from data breaches, can be used as a simple tool to determine the negligence of the company holding the data. On the other hand, companies may have several incentives to distribute their data over a cloud. In order to analyze the conflict between the sanctioning behavior and the search for economic profit, we employ the well known Gordon-Loeb models, as well as the more recent Huang-Behara models, for the relationship between investments and the probability of money loss due to malicious attacks. In this paper we determine the optimal amount of investments when data are distributed over a cloud and Hand’s rule is applied. We find that the net benefit of investing in security shrinks as the number of repositories making up the cloud grows, till investing becomes non profitable. An implication of our study is that, unless the cloud provider may guarantee a higher security investment productivity, the cloud solution provides a lower net benefit than the centralized one. By the application of Hand’s rule, we show that the company is held negligent if it does not invest just in the case it uses a centralized storage infrastructure or a cloud made of a limited number of repositories: Hand’s rule sanctions the lack of security investments by cloud providers with a limited number of repositories.

Keywords: Security; Privacy; Investments; Cloud; Negligence; Hand’s rule (search for similar items in EconPapers)
JEL-codes: D92 L5 L86 (search for similar items in EconPapers)
Date: 2018
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (4)

Downloads: (external link)
http://link.springer.com/10.1007/s12525-017-0276-z Abstract (text/html)
Access to the full text of the articles in this series is restricted.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:spr:elmark:v:28:y:2018:i:1:d:10.1007_s12525-017-0276-z

Ordering information: This journal article can be ordered from
http://www.springer. ... ystems/journal/12525

DOI: 10.1007/s12525-017-0276-z

Access Statistics for this article

Electronic Markets is currently edited by Rainer Alt and Hans-Dieter Zimmermann

More articles in Electronic Markets from Springer, IIM University of St. Gallen
Bibliographic data for series maintained by Sonal Shukla () and Springer Nature Abstracting and Indexing ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:spr:elmark:v:28:y:2018:i:1:d:10.1007_s12525-017-0276-z