Workshop on Economics and Information Security

University of California, Berkeley

May 16-17, 2002

Do we spend enough on keeping 'hackers' out of our computer systems? Do we not spend enough? Or do we spend too much?

Many system security failures occur not so much for technical reasons but because of failures of organisation and motivation. For example, the person or company best placed to protect a system may be insufficiently motivated to do so, because the costs of system failure fall on others. Such perverse incentives raise many issues best discussed using economic concepts such as externalities, asymmetric information, adverse selection and moral hazard. They are becoming increasingly important now that information security mechanisms are not merely used to protect against malicious attacks, but also to protect monopolies, differentiate products and segment markets. There are also interesting security issues raised by industry monopolization and the accompanying reduction in product heterogeneity. For these and other reasons, the confluence between information security and economics is of growing importance.

Thursday 16th May

0900 Hal Varian, chair - Welcome

1000 Tea

1030 Andrew Odlyzko, chair - "History of security economics"

1200 Lunch

1330 Doug Tygar, chair - "Metrics and markets"

1500 Coffee

1530 Larry Gordon, chair - "Optimal Investments in Information Security"

1700 Drinks

Friday 17th May

0830 Marty Loeb, chair - "Economic Theory Applied to Information Security"

1000 Tea

1030 Ross Anderson, chair - "Incentive-compatibility of technical mechanisms"

1230 Lunch

1330 Hal Varian, chair - "Liability"

1500 Coffee

1530 Li Gong, chair - "Other issues"

Program committee: