DIMACS Workshop on Information Security Economics
 January 18 - 19, 2007
Submissions are due by November 3, 2006

The deployment of an information security solution can be evaluated on
whether the benefits expected from its deployment are higher than the
costs of its deployment. Yet it is hard to quantify both benefits and
costs, due to uncertainty about factors such as attackers'
motivations, probability of an attack, and cost of an attack. This
uncertainty about the value of tangible costs and benefits is
complicated by intangible costs and benefits, such as user and market
perceptions of the value of security. The field of economics has well
developed theories and methods for addressing with these types of
uncertainty. As such, there has been a growing interest in the
economics of information security. Past notable work used the tools of
economics to offer insights into computer security, offered
mathematical economic models of computer security, detailed potential
regulatory solutions to computer security, or clarified the challenges
of improving security as implemented in practice. The goal of this
workshop is to expand that interest in economics of information
security. To meet this goal the workshop will bring together
researchers already engaged in this interdisciplinary effort with
other researchers in areas such as economics, security, theoretical
computer science, and statistics. Topics of interest include economics
of identity and identity theft, liability, torts, negligence, other
legal incentives, game theoretic models, security in open source and
free software, cyber-insurance, disaster recovery, reputation
economics, network effects in security and privacy, return on security
investment, security risk management, security risk perception both of
the firm and the individual, economics of trust, economics of
vulnerabilities, economics of malicious code, economics of electronic
voting security, and economic perspectives on spam.