This workshop at the University of Minnesota asks "How much should we spend to secure our computer systems? Can we determine which investments will provide the best protection? How will we know when we've reached our goals? Can market forces ensure that firms will act to improve security? Can incentives align the goals of employees with the security goals of their employers?"
While security technologies have benefited from decades of study, there has been a dearth of research into decision making tools required to choose among these technologies and employ them properly. The growing importance of information security and the failings of technology-centric approaches have made security economics an area ripe for new research. There is much work to be done both in applying existing economic tools to today's security questions and in pioneering new economic approaches to address problems unique to the study of security.
The Third Annual Workshop on Economics and Information Security (WEIS04) is a successor to the two pioneering workshops on this subject, held in 2002 at UC Berkeley and in 2003 at Univ. Maryland. Information about them is available at URLs given at end.
We encourage economists, computer scientists, security specialists, business school faculty, and industry experts to submit original research to the 2004 conference. We would especially like to encourage collaborative research from authors in multiple fields. Among past and suggested topics are:
Game theoretic security models
Security investment optimization
Information sharing
Algorithmic mechanism design
DRM and customer lock-in
Economics of privacy
Behavioral security economics
Reputation systems Analysis of security solutions market
Threat modeling
Risk management
Security metrics
Security loss estimation
Cyberterrorism
Economics of pseudonyms
Case studies
There will be no printed proceedings of this workshop, but as with the preceding workshops, authors of accepted papers will be encouraged to post their papers and presentation decks on the conference site. There may later be a printed volume of selected papers from the workshop, similar to the volume based on the first two workshops that is in preparation.
Submissions should not exceed approximately 8,000 words (i.e., about 12 single spaced pages in a standard 11 point font). They must be submitted by March 1, 2004. Position papers of significantly shorter length are also welcome. Notification of acceptance for the program will be sent by April 1, 2004. Submissions should be sent, preferably in PDF format, to weissub@dtc.umn.edu. For general information about the conference, check the website: http://www.dtc.umn.edu/weis2004/ or email weisinfo@dtc.umn.edu.