DIMACS Workshop on Information Security Economics

January 18-19, 2007 - DIMACS Center, CoRE Building, Rutgers



Investments in information security are contingent on the expected
benefits and costs of their deployment. Yet, it is difficult to
quantify those trade-offs: uncertainties about attackers' skills
and motivations, systems' dependability, and the consequences of
security failures are heightened by intangible considerations -
such as individual perceptions of the value of security. In recent
years, growing attention has been directed towards the application
to information security of economic models for the evaluation of
complex trade-offs under risk and uncertainty. This *economics of
information security* has offered mathematical models of returns
on security investments and behavioral models of users' decision
making; it has detailed regulatory solutions to cyber-security
issues; and it has clarified the challenges of improving everyday
security and privacy.

The DIMACS Workshop on Information Security Economics aims at
enlarging the interest in this area by bringing together
researchers already engaged in the field with other scientists and
investigators in disciplines such as economics, business,
statistics, and computer science. We encourage researchers and
industry experts to submit manuscripts with original work to the
workshop; we especially encourage collaborative and
interdisciplinary research from authors in multiple fields.

Topics of interest include (but are not limited to) empirical and
theoretical works on the economics of:

- vulnerabilities and malicious code
- spam, phishing, and identity theft
- privacy, reputation, and trust
- DRM and trusted computing
- cyber-insurance, returns on security investments, and security risk
- security risk perception at the firm and individual levels.

Questions about the workshop may be addressed to:


Alessandro Acquisti, Carnegie Mellon University

Jean Camp, Indiana University

Submission instructions

Submissions are due by November 3, 2006 (11:59PM PST),
preferably in PDF format, to: dimacs@infosecon.net
Submissions should not exceed approximately 10,000 words.
Notifications of acceptance for the program will be sent by
November 18, 2006.