DIMACS Workshop on Information Security Economics

January 18 - 19, 2007
DIMACS Center, CoRE Building, Rutgers University

Jean Camp, Indiana University, ljean@ljean.com
Alessandro Acquisti, Carnegie Mellon University, acquisti@andrew.cmu.edu
Presented under the auspices of the Special Focus on Communication Security and Information Privacy and
Special Focus on Computation and the Socio-Economic Sciences.
The deployment of an information security solution can be evaluated on whether the benefits expected from its deployment are higher than the costs of its deployment. Yet it is hard to quantify both benefits and costs, due to uncertainty about factors such as attackers' motivations, probability of an attack, and cost of an attack. This uncertainty about the value of tangible costs and benefits is complicated by intangible costs and benefits, such as user and market perceptions of the value of security. The field of economics has well developed theories and methods for addressing with these types of uncertainty. As such, there has been a growing interest in the economics of information security. Past notable work used the tools of economics to offer insights into computer security, offered mathematical economic models of computer security, detailed potential regulatory solutions to computer security, or clarified the challenges of improving security as implemented in practice. The goal of this workshop is to expand that interest in economics of information security. To meet this goal the workshop will bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, security, theoretical computer science, and statistics. Topics of interest include economics of identity and identity theft, liability, torts, negligence, other legal incentives, game theoretic models, security in open source and free software, cyber-insurance, disaster recovery, reputation economics, network effects in security and privacy, return on security investment, security risk management, security risk perception both of the firm and the individual, economics of trust, economics of vulnerabilities, economics of malicious code, economics of electronic voting security, and economic perspectives on spam.
Next: Call for Participation
Workshop Index
DIMACS Homepage
Contacting the Center
Document last modified on February 13, 2006.