The Third Annual Workshop on
Economics and Information Security (WEIS04)

May 13-14, 2004
University of Minnesota
Digital Technology Center

Submissions due: March 1, 2004

How much should we spend to secure our computer systems? Can we
determine which investments will provide the best protection? How will
we know when we've reached our goals? Can market forces ensure that
firms will act to improve security? Can incentives align the goals of
employees with the security goals of their employers?

While security technologies have benefited from decades of study,
there has been a dearth of research into decision making tools
required to choose among these technologies and employ them
properly. The growing importance of information security and the
failings of technology-centric approaches have made security economics
an area ripe for new research. There is much work to be done both in
applying existing economic tools to today's security questions and in
pioneering new economic approaches to address problems unique to the
study of security.

The Third Annual Workshop on Economics and Information Security
(WEIS04) is a successor to the two pioneering workshops on this
subject, held in 2002 at UC Berkeley and in 2003 at
Univ. Maryland. Information about them is available at URLs given at

We encourage economists, computer scientists, security specialists,
business school faculty, and industry experts to submit original
research to the 2004 conference. We would especially like to encourage
collaborative research from authors in multiple fields. Among past and
suggested topics are:

Game theoretic security models
Security investment optimization
Information sharing
Algorithmic mechanism design
DRM and customer lock-in
Economics of privacy
Behavioral security economics
Reputation systems   
Analysis of security solutions market
Threat modeling
Risk management
Security metrics
Security loss estimation
Economics of pseudonyms
Case studies  

There will be no printed proceedings of this workshop, but as with the
preceding workshops, authors of accepted papers will be encouraged to
post their papers and presentation decks on the conference site. There
may later be a printed volume of selected papers from the workshop,
similar to the volume based on the first two workshops that is in

Submissions should not exceed approximately 8,000 words (i.e., about
12 single spaced pages in a standard 11 point font). They must be
submitted by March 1, 2004. Position papers of significantly shorter
length are also welcome. Notification of acceptance for the program
will be sent by April 1, 2004. Submissions should be sent, preferably
in PDF format, to For general
information about the conference, check the website:
or email

Sponsor: Digital Technology Center, University of Minnesota

Cosponsors at the University of Minnesota:

Center for Development of Technological Leadership

Computer Science and Engineering Department

Department of Economics

Department of Rhetoric

Electrical and Computer Engineering Department

Internet Studies Center

MIS Research Center, Carlson School of Management

School of Law

Note: URLs for the first two workshops on Economics and Information Security are