DIMACS Workshop on Information Security Economics

  January 18 - 19, 2007
  DIMACS Center, CoRE Building, Rutgers University

  Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] 
  Jean Camp, Indiana University, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on 
Communication Security and Information Privacy and 
the Special Focus on Computation and the Socio-Economic Sciences.


The deployment of an information security solution can be evaluated on
whether the benefits expected from its deployment are higher than the
costs of its deployment. Yet it is hard to quantify both benefits and
costs, due to uncertainty about factors such as attackers'
motivations, probability of an attack, and cost of an attack. This
uncertainty about the value of tangible costs and benefits is
complicated by intangible costs and benefits, such as user and market
perceptions of the value of security. The field of economics has well
developed theories and methods for addressing with these types of
uncertainty. As such, there has been a growing interest in the
economics of information security. Past notable work used the tools of
economics to offer insights into computer security, offered
mathematical economic models of computer security, detailed potential
regulatory solutions to computer security, or clarified the challenges
of improving security as implemented in practice. The goal of this
workshop is to expand that interest in economics of information
security. To meet this goal the workshop will bring together
researchers already engaged in this interdisciplinary effort with
other researchers in areas such as economics, security, theoretical
computer science, and statistics. Topics of interest include economics
of identity and identity theft, liability, torts, negligence, other
legal incentives, game theoretic models, security in open source and
free software, cyber-insurance, disaster recovery, reputation
economics, network effects in security and privacy, return on security
investment, security risk management, security risk perception both of
the firm and the individual, economics of trust, economics of
vulnerabilities, economics of malicious code, economics of electronic
voting security, and economic perspectives on spam.

Call for Participation:

Investments in information security are contingent on the expected 
benefits and costs of their deployment. Yet, it is difficult to
quantify those trade-offs: uncertainties about attackers' skills and
motivations, systems' dependability, and the consequences of security 
failures are heightened by intangible considerations - such as 
individual perceptions of the value of security. In recent years, 
growing attention has been directed towards the application to
information security of economic models for the evaluation of 
complex trade-offs under risk and uncertainty. This economics 
of information security has offered mathematical models of returns 
on security investments and behavioral models of users' decision 
making; it has detailed regulatory solutions to cyber-security 
issues; and it has clarified the challenges of improving everyday 
security and privacy.

The DIMACS Workshop on Information Security Economics aims at 
enlarging the interest in this area by bringing together 
researchers already engaged in the field with other scientists 
and investigators in disciplines such as economics, business, 
statistics, and computer science. We encourage researchers and 
industry experts to submit manuscripts with original work to the 
Workshop; we especially encourage collaborative and interdisciplinary 
research from authors in multiple fields.

Topics of interest include (but are not limited to) empirical and 
 theoretical works on the economics of:

    * vulnerabilities and malicious code
    * spam, phishing, and identity theft
    * privacy, reputation, and trust
    * DRM and trusted computing
    * cyber-insurance, returns on security investments, and security risk 
    * security risk perception at the firm and individual levels.

Questions about the workshop may be addressed to: [EMAIL PROTECTED]

 Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED]
 Jean Camp, Indiana University, [EMAIL PROTECTED]

Submission instructions

 Submissions are due by November 3, 2006 (11:59PM PST), preferably in
 PDF format, to: [EMAIL PROTECTED] Submissions should not exceed 
 approximately 10,000 words. Notifications of acceptance for the
 program will be sent by November 18, 2006.


(Pre-registration deadline: January 8, 2007 )

Please see website for complete registration details.

Information on participation, registration, accomodations, and travel 
can be found at:




The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to