The Ninth Workshop on the Economics of Information Security (WEIS 2010)

Harvard University, USA

June 7-8, 2010

Call for Papers (PDF | text)

Information security continues to grow in importance, as threats proliferate, privacy erodes, and attackers find new sources of value. Yet the security of information systems depends on more than just technology. Good security requires an understanding of the incentives and tradeoffs inherent to the behavior of systems and organizations. As society’s dependence on information technology has deepened, policy makers, including the President of the United States, have taken notice. Now more than ever, careful research is needed to accurately characterize threats and countermeasures, in both the public and private sectors.

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. This workshop will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals’ and organizations’ perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?

We encourage economists, computer scientists, business school researchers, legal scholars, security and privacy specialists, as well as industry experts to submit their research and attend the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:

- Optimal investment in information security
- Online crime (including botnets, phishing and spam)
- Models and analysis of online crime
- Risk management and cyberinsurance
- Security standards and regulation
- Cybersecurity policy
- Privacy, confidentiality and anonymity
- Behavioral security and privacy
- Security models and metrics
- Psychology of risk and security
- Vulnerability discovery, disclosure, and patching
- Cyberwar strategy and game theory
- Incentives for information sharing and cooperation

We highlight two key areas of particular focus for this year’s workshop. First, we encourage submissions that consider the design and evaluation of policy solutions for improving information security. Second, given the importance of data-driven decision making, we encourage submissions with empirical components. A selection of papers accepted to this workshop will appear in an edited volume designed to help policy makers, managers, researchers and practitioners better understand the information security landscape.

Important dates

Submissions due: February 22, 2010
Notification of acceptance: April 2, 2010
Workshop: June 7-8, 2010

Papers should be submitted online by 11:59 pm PST on Monday, February 22, 2010, preferably in PDF format.

Submitted manuscripts should represent significant and novel research contributions. Please note that WEIS has no formal formatting guidelines. Previous contributors spanned fields from economics and psychology to computer science and law, each with different norms and expectations about manuscript length and formatting. Advisable rules of thumb include: using past WEIS accepted papers as templates and adhering to your community's publication standards.

WEIS is co-located with the 11th ACM Conference on Electronic Commerce, June 9-11.


Program Chair
Tyler MooreHarvard University
General Chair
Allan Friedman Harvard University
Program Committee
Alessandro AcquistiCarnegie Mellon University
Ross Anderson University of Cambridge
Rainer Böhme ICSI Berkeley
Jean Camp Indiana University
Huseyin CavusogluUniversity of Texas at Dallas
Nicolas Christin Carnegie Mellon University
Benjamin Edelman Harvard Business School
Allan Friedman Harvard University
Neil Gandal Tel Aviv University
Dan Geer In-Q-Tel
Lawrence Gordon University of Maryland
Jens Grossklags Princeton University
Thorsten Holz Technical University of Vienna
M. Eric Johnson Darthmouth Tuck School of Business
Martin Loeb University of Maryland
Tyler Moore Harvard University
Andrew Odlyzko University of Minnesota
David Pym HP Labs and University of Bath
Brent Rowe RTI International
Stuart Schechter Microsoft Research
Bruce Schneier BT Counterpane
Rick Sullivan Federal Reserve Bank of Kansas City
Latanya Sweeney Carnegie Mellon University
Rahul Telang Carnegie Mellon University
Catherine Tucker MIT
Michel van Eeten Delft University of Technology
Hal Varian Google and UC Berkeley
Jonathan Zittrain Harvard Law School