Abstract
IoT is rapidly a developing area, but there are uncertainties about its security and privacy issues. In several IoT services, important data such as personal information are shared between system components. While it may simplify repetitive transactions, keeping the personal information increases the likelihood of identity theft causing direct or indirect damage. This study introduces quantitative analysis based on demand–supply curve for the damage caused by leakages of personal identification information and shows how security investment is decided to adopt high-level security compliance.
Similar content being viewed by others
References
Chae J, Jeong J (2013) Study on decision making for the industrial security management factor’s priority. J Secur Eng 10(2):123–140
Lee C-C, Kim J, Lee C (2014) A comparative study on the priorities between perceived importance and investment of the areas for information security management system. J Korea Inst Inf Secur Cryptol 24:5
Singh D, Tripathi G, Jara AJ (2014) A survey of Internet-of-Things: future vision, architecture, challenges and services. In: 2014 IEEE World Forum on Internet of Things (WF-IoT). IEEE, pp 287–292
Roman R, Najera P, Lopez J (2011) Securing the internet of things. Computer 44(9):51–58
Mattern F, Floerkemeier C (2010) From the Internet of Computers to the Internet of Things. In: Sachs K, Petrov I, Guerrero P (eds) From active data management to event-based systems and more. Springer, Berlin, pp 242–259
Miorandi D et al (2012) Internet of things: vision, applications and research challenges. Ad Hoc Netw 10(7):1497–1516
Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
Bojanc R, Jerman-Blažič B (2012) Quantitative model for economic analyses of information security investment in an enterprise information system. Organizacija 45(6):276–288
Jerman-Blažič B et al (2012) Managing the investment in information security technology by use of a quantitative modeling. Inf Process Manag 48(6):1031–1052
Mclean G, Brown J (2003) Determining the ROI in IT Security. CA Magazine
Purser SA (2004) Improving the ROI of the security management process. Comput Secur 23(7):542–546
Han C-H et al (2011) A quantitative assessment model of private information breach. J Soc e-Bus Stud 16(4):17–31
Anderson R, Moore T (2006) The economics of information security. Science 314(5799):610–613
Årnes A et al (2006) Using hidden markov models to evaluate the risks of intrusions. In: Zamboni D, Kruegel C (eds) Recent advances in intrusion detection. Springer, Berlin, pp 145–164
Sklavos N, Souras P (2006) Economic models and approaches in information security for computer networks. IJ Netw Secur 2(1):14–20
Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans Inf Syst Secur (TISSEC) 5(4):438–457
Campbell K et al (2003) The economic cost of publicly announced information security breaches: empirical evidence from the stock market. J Comput Secur 11(3):431–448
Acknowledgements
This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2016-H8501-16-1018) supervised by the IITP (Institute for Information and Communications Technology Promotion).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Koo, C., Kim, J. Enforcing high-level security policies for Internet of Things. J Supercomput 74, 4497–4505 (2018). https://doi.org/10.1007/s11227-017-2201-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-017-2201-9