9th Workshop on the Economics of Information Security (<span class="il">WEIS</span>)<br>
June 7-8, <span class="il">2010</span><br>
Harvard University, Cambridge, MA, USA<br>
<br>
<span class="il">CALL</span> <span class="il">FOR</span> <span class="il">PAPERS</span><br>
<br>
<a href="http://weis2010.econinfosec.org/cfp.html" target="_blank">http://weis2010.econinfosec.org/cfp.html</a><br>
<br>
IMPORTANT DATES<br>
<br>
Submissions due: February 22, <span class="il">2010</span><br>
Notification of acceptance: April 2, <span class="il">2010</span><br>
Workshop: June 7-8, <span class="il">2010</span><br>
<br>
Information security continues to grow in importance, as threats<br>
proliferate, privacy erodes, and attackers find new sources of value.<br>
Yet the security of information systems depends on more than just<br>
technology. Good security requires an understanding of the incentives<br>
and tradeoffs inherent to the behavior of systems and organizations. As<br>
society’s dependence on information technology has deepened, policy<br>
makers, including the President of the United States, have taken<br>
notice. Now more than ever, careful research is needed to accurately<br>
characterize threats and countermeasures, in both the public and<br>
private sectors.<br>
<br>
The Workshop on the Economics of Information Security (<span class="il">WEIS</span>) is the<br>
leading forum <span class="il">for</span> interdisciplinary scholarship on information<br>
security, combining expertise from the fields of economics, social<br>
science, business, law, policy and computer science. Prior workshops<br>
have explored the role of incentives between attackers and defenders,<br>
identified market failures dogging Internet security, and assessed<br>
investments in cyber-defense. This workshop will build on past efforts<br>
using empirical and analytic tools to not only understand threats, but<br>
also strengthen security through novel evaluations of available<br>
solutions. How should information risk be modeled given the constraints<br>
of rare incidence and high interdependence? How do individuals’ and<br>
organizations’ perceptions of privacy and security color their decision<br>
making? How can we move towards a more secure information<br>
infrastructure and code base while accounting <span class="il">for</span> the incentives of<br>
stakeholders?<br>
<br>
We encourage economists, computer scientists, business school<br>
researchers, legal scholars, security and privacy specialists, as well<br>
as industry experts to submit their research and attend the workshop.<br>
Suggested topics include (but are not limited to) empirical and<br>
theoretical studies of:<br>
<br>
- Optimal investment in information security<br>
- Online crime (including botnets, phishing and spam)<br>
- Models and analysis of online crime<br>
- Risk management and cyberinsurance<br>
- Security standards and regulation<br>
- Cybersecurity policy<br>
- Privacy, confidentiality and anonymity<br>
- Behavioral security and privacy<br>
- Security models and metrics<br>
- Psychology of risk and security<br>
- Vulnerability discovery, disclosure, and patching<br>
- Cyberwar strategy and game theory<br>
- Incentives <span class="il">for</span> information sharing and cooperation<br>
<br>
We highlight two key areas of particular focus <span class="il">for</span> this year’s<br>
workshop. First, we encourage submissions that consider the design and<br>
evaluation of policy solutions <span class="il">for</span> improving information security.<br>
Second, given the importance of data-driven decision making, we<br>
encourage submissions with empirical components. A selection of <span class="il">papers</span><br>
accepted to this workshop will appear in an edited volume designed to<br>
help policy makers, managers, researchers and practitioners better<br>
understand the information security landscape.<br>
<br>
<span class="il">Papers</span> should be submitted online by 23:59 PST on Monday, February 22,<br>
<span class="il">2010</span>, preferably in PDF format. Submitted manuscripts should represent<br>
significant and novel research contributions. Please note that <span class="il">WEIS</span> has<br>
no formal formatting guidelines. Previous contributors spanned fields<br>
from economics and psychology to computer science and law, each with<br>
different norms and expectations about manuscript length and<br>
formatting. Advisable rules of thumb include: using past <span class="il">WEIS</span> accepted<br>
<span class="il">papers</span> as templates and adhering to your community's publication<br>
standards.<br>
<br>
<span class="il">WEIS</span> is co-located with the 11th ACM Conference on Electronic Commerce,<br>
June 9-11, <span class="il">2010</span>.<br>
<br>
PROGRAM COMMITTEE<br>
<br>
Alessandro Acquisti, Carnegie Mellon University<br>
Ross Anderson, University of Cambridge<br>
Rainer Böhme, ICSI Berkeley<br>
Jean Camp, Indiana University<br>
Huseyin Cavusoglu, University of Texas at Dallas<br>
Nicolas Christin, Carnegie Mellon University<br>
Benjamin Edelman, Harvard Business School<br>
Allan Friedman, Harvard University (General Chair)<br>
Neil Gandal, Tel Aviv University<br>
Dan Geer, In-Q-Tel<br>
Lawrence Gordon, University of Maryland<br>
Jens Grossklags, Princeton University<br>
Thorsten Holz, Technical University of Vienna<br>
M. Eric Johnson, Dartmouth Tuck School of Business<br>
Martin Loeb, University of Maryland<br>
Tyler Moore, Harvard University (Program Chair)<br>
Andrew Odlyzko, University of Minnesota<br>
David Pym, HP Labs and University of Bath<br>
Brent Rowe, RTI<br>
Stuart Schechter, Microsoft Research<br>
Bruce Schneier, BT Counterpane<br>
Rick Sullivan, Federal Reserve Bank of Kansas City<br>
Latanya Sweeney, Carnegie Mellon University<br>
Rahul Telang, Carnegie Mellon University<br>
Catherine Tucker, MIT<br>
Michel van Eeten, Delft University of Technology<br>
Hal Varian, Google and UC Berkeley<br>
Jonathan Zittrain, Harvard Law School<br>