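This installment's topic is security economics: the defining goods of the information age are **information goods**, and we examine security starting from the properties of those goods themselves.
The distinguishing feature of goods in the information age is that the "marginal cost" of an information product (put simply: the cost of copying it) is 0. In other words, however many users there are, the cost of the product or service basically does not increase. (Of course, once the number of users grows by orders of magnitude, server costs do rise somewhat.)
Next, quoting the original text from the book: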
So what other characteristics of the information goods and services industries are particularly important?
Translation: What are the important characteristics of the information goods and information services industries?
Economics of Privacy
The big conundrum with privacy is that people say that they value privacy, yet act otherwise. If you stop people in the street and ask them their views, about a third say they are privacy fundamentalists and will never hand over their personal information to marketers or anyone else; about a third say they don’t care; and about a third are in the middle, saying they’d take a pragmatic view of the risks and benefits of any disclosure. However, the behavior that people exhibit via their shopping behavior — both online and offline — is quite different; the great majority of people pay little heed to privacy, and will give away the most sensitive information for little benefit. Privacy-enhancing technologies have been offered for sale by various firms, yet most have failed in the marketplace.
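Translation: The economics of privacy: people say they value privacy, but in practice they will sell out their own privacy for a very small benefit.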
Economics of DRM
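Wikipedia: Digital rights management (DRM) is a family of access control technologies, typically used to control how digital content and devices are used after they have been sold. DRM is sometimes also called copy protection, copy control, technical protection measures and so on, but these names are disputed.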
Many systems fail because the incentives are wrong, rather than because of some technical design mistake. As a result, the security engineer needs to understand basic economics as well as the basics of crypto, protocols, access controls and psychology. Security economics is a rapidly growing research area that explains many of the things that we used to consider just ‘bad weather’, such as the insecurity of Windows. It constantly throws up fascinating new insights into all sorts of questions from how to optimise the patching cycle through whether people really care about privacy to what legislators might do about DRM.
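Translation: Many systems fail not because of their technical design but because the incentives are wrong. A security engineer therefore needs to understand basic economics just as well as the technical basics: cryptography, protocols, access control and psychology.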