Economics and Security Resource Page

Ross Anderson


Do we spend enough on keeping ‘hackers’ out of our computer systems? Do we not spend enough? Or do we spend too much? For that matter, do we spend too little on the police and the army, or too much? And do we spend our security budgets on the right things?

The economics of security is a hot and rapidly growing field of research. More and more people are coming to realise that security failures are often due to perverse incentives rather than to the lack of suitable technical protection mechanisms. (Indeed, the former often explain the latter.) While much recent research has been on ‘cyberspace’ security issues — from hacking through fraud to copyright policy — it is expanding to throw light on ‘everyday’ security issues at one end, and to provide new insights and new problems for ‘normal’ computer scientists and economists at the other. In the commercial world, as in the world of diplomacy, there can be complex linkages between security arguments and economic ends.

This page provides links to a number of key papers, conferences, the home pages of active researchers, relevant books, and other resources. Complementary pages include Alessandro Acquisti's privacy economics page, my security psychology page, Jean Camp's bibliography, and job ads for security economists.

Our annual bash is the Workshop on Economics and Information Security, of which the next one will be on June 23-4 2014: see below for links to past workshops, for all the workshop papers to date, and for other conferences with some security economics content.

Introductory Papers

Economics of Privacy

See also Alessandro Acquisti's privacy economics page.

The Information Security Business

Economics of vulnerabilities

Relevant Theory Papers

Measuring Electronic Crime

Information Security Regulation

Copyright and Rights Management

Miscellaneous Papers

Conferences

The event to aim for if you want to keep up with research in this field and get to know people is WEIS – the Workshop on the Economics of Information Security, which happens every June. WEIS 2014 will be held on June 23-24 at Penn State.

These links give you access to all the conference papers.

The Security and Human Behaviour workshop brings security engineers together with psychologists, behavioral economists and others. See

Other relevant conferences include:

Community – Home Pages of People Interested in Security Economics

Books

Other Resources

Here are some suggestions for further reading: