WEIS 2008 - Workshop on the Economics of Information Security June 25-27, 2008 in Hanover, New Hampshire http://weis2008.econinfosec.org Hosted by the Center for Digital Strategies at Dartmouth College's Tuck School of Business, in partnership with the Institute for Information Infrastructure Protection (I3P), which is managed by Dartmouth College. CALL FOR PAPERS Information security requires not only technology, but a clear understanding of risks, decision-making behaviors and metrics for evaluating business and policy options. How much should we spend on security? What incentives really drive privacy decisions? What are the trade-offs that individuals, firms, and governments face when allocating resources to protect data assets? Are there good ways to distribute risks and align goals when securing information systems? While organizations and individuals face new and evolving technical challenges, we know that security and privacy threats rarely have purely technical causes. Economic, behavioral, and legal factors often contribute as much as technology to the dependability of information and information systems. The application of economic analysis to these problems has proven to be an exciting and fruitful area of research. The 2008 Workshop on the Economics of Information Security invites original research papers focused on the economics of information security and the economics of privacy. We encourage economists, computer scientists, business school researchers, law scholars, security and privacy specialists, as well as industry experts to submit their research and attend the Workshop. Suggested topics include (but are not limited to) empirical and theoretical economic studies of: - Optimal investment in information security - Privacy, confidentiality and anonymity - Cybertrust and reputation systems - Intellectual property protection - Information access and provisioning - Risk management and cyberinsurance - Security standards and regulation - Behavioral security and privacy - Cyberterrorism policy - Organizational security and metrics - Psychology of risk and security - Phishing, spam, and cybercrime - Vulnerability discovery, disclosure, and patching Important dates Submissions due: March 1, 2008 Notification of acceptance: April 10, 2008 Workshop: June 25-27, 2008 Papers should be submitted online by 11:59 EST on Saturday, March 1, 2008, preferably in PDF format. Submitted manuscripts should represent significant and novel research contributions. Please note that WEIS has no formal formatting guidelines. Previous contributors spanned fields from economics and psychology to computer science and law, each with different norms and expectations about manuscript length and formatting. Advisable rules of thumb include: using past WEIS accepted papers as templates and adhering to your community's publication standards.