WEIS 2008 - Workshop on the Economics of Information Security

June 25-27, 2008 in Hanover, New Hampshire


Hosted by the Center for Digital Strategies at Dartmouth College's Tuck
School of Business, in partnership with the Institute for Information
Infrastructure Protection (I3P), which is managed by Dartmouth College.


Information security requires not only technology, but a clear
understanding of risks, decision-making behaviors and metrics for
evaluating business and policy options. How much should we spend on
security? What incentives really drive privacy decisions? What are the
trade-offs that individuals, firms, and governments face when allocating
resources to protect data assets? Are there good ways to distribute
risks and align goals when securing information systems?

While organizations and individuals face new and evolving technical
challenges, we know that security and privacy threats rarely have purely
technical causes. Economic, behavioral, and legal factors often
contribute as much as technology to the dependability of information and
information systems. The application of economic analysis to these
problems has proven to be an exciting and fruitful area of research. 

The 2008 Workshop on the Economics of Information Security invites
original research papers focused on the economics of information
security and the economics of privacy. We encourage economists, computer
scientists, business school researchers, law scholars, security and
privacy specialists, as well as industry experts to submit their
research and attend the Workshop. Suggested topics include (but are not
limited to) empirical and theoretical economic studies of:

- Optimal investment in information security
- Privacy, confidentiality and anonymity 
- Cybertrust and reputation systems 
- Intellectual property protection
- Information access and provisioning
- Risk management and cyberinsurance 
- Security standards and regulation 
- Behavioral security and privacy 
- Cyberterrorism policy 
- Organizational security and metrics
- Psychology of risk and security
- Phishing, spam, and cybercrime
- Vulnerability discovery, disclosure, and patching 

Important dates

Submissions due: March 1, 2008
Notification of acceptance: April 10, 2008
Workshop: June 25-27, 2008

Papers should be submitted online by 11:59 EST on Saturday, March 1,
2008, preferably in PDF format.

Submitted manuscripts should represent significant and novel research
contributions. Please note that WEIS has no formal formatting
guidelines. Previous contributors spanned fields from economics and
psychology to computer science and law, each with different norms and
expectations about manuscript length and formatting. Advisable rules of
thumb include: using past WEIS accepted papers as templates and adhering
to your community's publication standards.