Do we spend enough on keeping `hackers' out of our computer systems? Do we not spend enough? Or do we spend too much?
Many system security failures occur not so much for technical reasons but because of failures of organisation and motivation. For example, the person or company best placed to protect a system may be insufficiently motivated to do so, because the costs of system failure fall on others. Such perverse incentives raise many issues best discussed using economic concepts such as externalities, asymmetric information, adverse selection and moral hazard. They are becoming increasingly important now that information security mechanisms are not merely used to protect against malicious attacks, but also to protect monopolies, differentiate products and segment markets. There are also interesting security issues raised by industry monopolization and the accompanying reduction in product heterogenity. For these and other reasons, the confluence between information security and economics is of growing importance.
Thursday 16th May
0900 Hal Varian, chair - Welcome
1030 Andrew Odlyzko, chair - "History of security economics"
1330 Doug Tygar, chair - "Metrics and markets"
1530 Larry Gordon, chair, "Optimal Investments in Information Security"
Friday 17th May
0830 Marty Loeb, chair, "Economic Theory Applied to Information Security"
1030 Ross Anderson, chair, "Incentive-compatability of technical mechanisms"
1330 Hal Varian, chair "Liability"
1530 Li Gong, chair "Other issues"
Here are links to information about transport, food and lodging around Berkeley.