************************************************* DIMACS Workshop on Information Security Economics
January 18 - 19, 2007 DIMACS Center, CoRE Building, Rutgers University Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences. ************************************************ The deployment of an information security solution can be evaluated on whether the benefits expected from its deployment are higher than the costs of its deployment. Yet it is hard to quantify both benefits and costs, due to uncertainty about factors such as attackers' motivations, probability of an attack, and cost of an attack. This uncertainty about the value of tangible costs and benefits is complicated by intangible costs and benefits, such as user and market perceptions of the value of security. The field of economics has well developed theories and methods for addressing with these types of uncertainty. As such, there has been a growing interest in the economics of information security. Past notable work used the tools of economics to offer insights into computer security, offered mathematical economic models of computer security, detailed potential regulatory solutions to computer security, or clarified the challenges of improving security as implemented in practice. The goal of this workshop is to expand that interest in economics of information security. To meet this goal the workshop will bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, security, theoretical computer science, and statistics. Topics of interest include economics of identity and identity theft, liability, torts, negligence, other legal incentives, game theoretic models, security in open source and free software, cyber-insurance, disaster recovery, reputation economics, network effects in security and privacy, return on security investment, security risk management, security risk perception both of the firm and the individual, economics of trust, economics of vulnerabilities, economics of malicious code, economics of electronic voting security, and economic perspectives on spam. ******************************************************************** Call for Participation: Investments in information security are contingent on the expected benefits and costs of their deployment. Yet, it is difficult to quantify those trade-offs: uncertainties about attackers' skills and motivations, systems' dependability, and the consequences of security failures are heightened by intangible considerations - such as individual perceptions of the value of security. In recent years, growing attention has been directed towards the application to information security of economic models for the evaluation of complex trade-offs under risk and uncertainty. This economics of information security has offered mathematical models of returns on security investments and behavioral models of users' decision making; it has detailed regulatory solutions to cyber-security issues; and it has clarified the challenges of improving everyday security and privacy. The DIMACS Workshop on Information Security Economics aims at enlarging the interest in this area by bringing together researchers already engaged in the field with other scientists and investigators in disciplines such as economics, business, statistics, and computer science. We encourage researchers and industry experts to submit manuscripts with original work to the Workshop; we especially encourage collaborative and interdisciplinary research from authors in multiple fields. Topics of interest include (but are not limited to) empirical and theoretical works on the economics of: * vulnerabilities and malicious code * spam, phishing, and identity theft * privacy, reputation, and trust * DRM and trusted computing * cyber-insurance, returns on security investments, and security risk management * security risk perception at the firm and individual levels. Questions about the workshop may be addressed to: [EMAIL PROTECTED] Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Submission instructions Submissions are due by November 3, 2006 (11:59PM PST), preferably in PDF format, to: [EMAIL PROTECTED] Submissions should not exceed approximately 10,000 words. Notifications of acceptance for the program will be sent by November 18, 2006. ******************************************************************** Registration: (Pre-registration deadline: January 8, 2007 ) Please see website for complete registration details. ********************************************************************* Information on participation, registration, accomodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/InformationSecurity/ **PLEASE BE SURE TO PRE-REGISTER EARLY** ******************************************************************** --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]