The wave of data breaches raises two pressing questions: Why don’t we defend our networks better? And, what practical incentives can we create to improve our defenses? Why Don't We Defend Better?: Data Breaches, Risk Management, and Public Policy answers those questions. It distinguishes three technical sources of data breaches corresponding to three types of vulnerabilities: software, human, and network. It discusses two risk management goals: business and consumer. The authors propose mandatory anonymous reporting of information as an essential step toward better defense, as well as a general reporting requirement. They also provide a systematic overview of data breach defense, combining technological and public policy considerations.
2 Software Vulnerabilities
3 (Mis)management: Failing to Defend Against Technical Attacks
4 A Mandatory Reporting Proposal
5 Outsourcing Security
6 The Internet of Things
7 Human Vulnerabilities
8 Seeing the Forest: An Overview of Policy Proposals