DIMACS Workshop on Information Security Economics January 18 - 19, 2007 Submissions are due by November 3, 2006 http://dimacs.rutgers.edu/Workshops/InformationSecurity/announcement.html The deployment of an information security solution can be evaluated on whether the benefits expected from its deployment are higher than the costs of its deployment. Yet it is hard to quantify both benefits and costs, due to uncertainty about factors such as attackers' motivations, probability of an attack, and cost of an attack. This uncertainty about the value of tangible costs and benefits is complicated by intangible costs and benefits, such as user and market perceptions of the value of security. The field of economics has well developed theories and methods for addressing with these types of uncertainty. As such, there has been a growing interest in the economics of information security. Past notable work used the tools of economics to offer insights into computer security, offered mathematical economic models of computer security, detailed potential regulatory solutions to computer security, or clarified the challenges of improving security as implemented in practice. The goal of this workshop is to expand that interest in economics of information security. To meet this goal the workshop will bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, security, theoretical computer science, and statistics. Topics of interest include economics of identity and identity theft, liability, torts, negligence, other legal incentives, game theoretic models, security in open source and free software, cyber-insurance, disaster recovery, reputation economics, network effects in security and privacy, return on security investment, security risk management, security risk perception both of the firm and the individual, economics of trust, economics of vulnerabilities, economics of malicious code, economics of electronic voting security, and economic perspectives on spam.