

Bibliography

The bibliography that follows is intended as a complement to Acquisti's Economics of Privacy and Anderson's Economics and Security Resource Page. In addition, Ross has now constructed a psychology of security resource. The Economics of Networks page maintained by Nicholas Economides contains a bibliography and the excellent introductory article properly entitled "Economics of Networks". There is also Hal Varian's page on The Information Economy. Another useful resource is Schneier on Security.

Please see also the list of monographs in addition to this listing of papers and articles.

This bibliography, and the entire site, is maintained by Jean Camp. Contact her at ljean.com for additions.

2001 and Before

R. Anderson, Why Information Security is Hard-An Economic Perspective, ACSAC '01: Proceedings of the 17th Annual Computer Security Applications Conference, 2001, IEEE Computer Society, Washington, DC, available online at www.cl.cam.ac.uk/ftp/users/rja14/econ.pdf
comment: describes and illustrates the need to align security technology with economic incentives

L Jean Camp and Catherine Wolfram, Pricing Security, Proceedings of the CERT Information Survivability Workshop, 2000 Oct 24-26, pp. 31-39, Boston, MA,
available online at papers.ssrn.com/sol3/papers.cfm?abstract_id=894966,
comment: defines security vulnerabilities as externalities

Daniel E. Geer, 2001. Return on security investment: calculating the security investment equation. Secure Business Quarterly 1 (2)

Lawrence A. Gordon and Martin P. Loeb, Using information security as a response to competitor analysis systems, Commun. ACM, Vol. 44, 9, 2001, pp. 70-75,
available online at http://doi.acm.org/10.1145/383694.383709 ACM Press, New York, NY

Ross Anderson, 2001, Security Engineering: A Guide to Building Dependable Distributed Systems, New York, John Wiley and Sons

Camp, L. J., 2001, Trust and Risk in Electronic Commerce, Cambridge, MA, The MIT Press

R. Friedman and M. Resnick, 1998, The Social Cost of Cheap Pseudonyms, Journal of Economics and Management Strategy, Vol. 10, No. 2, pp. 173-199, comment: in systems where identities are easy to create, new identities are not trusted

C. Dwork and M. Naor, 1993, Pricing via Processing, Or, Combating Junk Mail, Advances in Cryptology CRYPTO92, Lecture Notes in Computer Science, Vol. 74, pp. 139-147, Springer.

Wei Fan, Wenke Lee, Sal Stolfo, and Matthew Miller, A Multiple Model Cost-Sensitive Approach for Intrusion Detection, Eleventh European Conference on Machine Learning (ECML '00) 2000, http://www1.cs.columbia.edu/ids/publications/cost-ecml00.ps

2002

Gordon, Lawrence A. and Martin P. Loeb, Return on Information Security Investments: Myths vs. Reality, Strategic Finance, November 2002, pp. 26-31

Ross Anderson, Maybe we spend too much?, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/37.txt

Bruce Schneier, No, we don't spend enough!, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/18.doc. comment: we don't spend enough on security, and the risk is not fair to those who invest

Lawrence A. Gordon and Martin P. Loeb, The Economics of Investment in Information Security, ACM Transactions on Information and System Security, November 2002, pp. 438-457. (Reprinted on pages 129-142 in Economics of Information Security, 2004, Springer, Camp and Lewis, eds.)

Carl Landwehr, Improving Information Flow in the Information Security Market, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/11.doc

Li Gong, Non-Technical Influences on the Design of the Java Security Architecture, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/47.txt

Bob Blakley, The Measure of Information Security is Dollars, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/54.pdf

L. Jean Camp, Marketplace Incentives to Prevent Piracy: An Incentive for Security?, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/29.txt

Andrew Odlyzko, Privacy, Economics, and Price Discrimination on the Internet, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/52.txt

Kevin Soo Hoo, How Much Is Enough? A Risk Management Approach to Computer Security, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/06.doc

Brian Carini, Dynamics and Equilibria of Information Security Investments, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/34.doc

Kin Sing Leung, Diverging economic incentives caused by innovation for security updates on an information network, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/19.pdf

Rahul Sami, Agents' privacy in distributed algorithmic mechanisms, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/05.pdf

Hal Varian, System Reliability and Free Riding, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/49.pdf

Alessandro Acquisti, Security of Personal Information and Privacy: Economic Incentives and Technological Solutions, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/36.doc

John Mitchell, Distributed algorithmic mechanism design and network security, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/42.pdf

Tomas Sander, Economic Barriers to the Deployment of Existing Privacy Technologies, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/23.pdf

Stuart Schechter, Quantitatively Differentiating System Security, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/31.pdf

Yvo Desmedt, Using economics to model threats and security in distributed computing, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/33.ps

Mike Fisk, Causes and Remedies for Social Acceptance of Network Insecurity, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/35.pdf

Rafael Yahalom, Liability Transfers in Network Exchanges, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/46.ps

W Yurcik, Cyberinsurance: A Market Solution to Internet Security Market Failure, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/53.pdf

Robert Gehring, Software development, Intellectual Property Rights, and IT Security, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/44.pdf

Paul Thompson, Cognitive Hacking and the Value of Information, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/15.doc

Lawrence A. Gordon and Martin P. Loeb and William Lucyshyn, An Economics Perspective on the Sharing of Information Related to Security Breaches: Concepts and Empirical Evidence, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/51.doc. comment: overview of game theoretic findings relevant to ISACs, shows ISACs have value even if some participants are not entirely honest

Thomas-Xavier Martin, Experience of the French Gendarmerie, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/13.txt

Barb Fox, Internet TAO: The Microeconomics of Internet Standards-Setting, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA, available online, at http://www2.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/12.doc

Stuart E. Schechter, Computer Security Strength and Risk: A Quantitative Approach, Workshop on the Economics of Information Security, 2002 May 16-17, Berkeley, CA

H. Hochheiser, The platform for privacy preference as a social protocol: An examination within the U.S. policy context, ACM Trans. Internet Tech., Vol. 2, 4, 2002, 276-306,
available online at http://doi.acm.org/10.1145/604596.604598,
comment: P3P has an invalid economic and incentive model; however, it was quite effective in preventing general data protection legislation

Pam Samuelson and Suzanne Scotchmer, The Law and Economics of Reverse Engineering, Yale Law Journal, 2002, 1575-1663

H. Nissenbaum, E. Felten and Friedman, Computer Security: Competing Concepts, The 30th Research Conference on Communication, Information and Internet Policy, Sept. 2002, Washington, D.C.

S. Tadelis, 2002, The Market for Reputations as an Incentive Mechanism, Journal of Political Economy, Vol. 92, No. 2, pp. 854-882

Josh Lerner and Jean Tirole, The Simple Economics of Open Source, Journal of Industrial Economics, Vol. 42, pp. 197-234, 2002



2003

Computational Methods for Dynamic Graphs, C. Cortes, D. Pregibon, and C. Volinsky, Journal of Computational and Graphical Statistics, Vol. 12, pp. 950-970 (2003). http://homepage.mac.com/darylpregibon/papers/jcgs.pdf
comment: This careful, methodological paper describes how individuals can be identified from their call patterns alone. Assuming that web browsing has more information than simple number tracing, this has implications for privacy preferences.

Gordon, Lawrence A., Martin P. Loeb, and William Lucyshyn, Sharing Information on Computer Systems: An Economic Analysis, Journal of Accounting and Public Policy, Vol. 22, No. 6, 2003, pp. 461-485

Gordon, Lawrence A. and Martin P. Loeb, Expenditures on Competitor Analysis and Information Security: A Management Accounting Perspective, Chapter in Management Accounting in the Digital Economy (Oxford University Press), A. Bhimini (ed), 2003, pp. 95-111

Gordon, Lawrence A., Martin P. Loeb, and William Lucyshyn, Information Security Expenditures and Real Options: A Wait-and-See Approach, Computer Security Journal, Vol 19, No. 2, 2003, pp. 1-7

Campbell, K., L. A. Gordon, M.P. Loeb, and L. Zhou, The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market, Journal of Computer Security, Vol. 11, No. 3, 2003, pp. 431-448. Available online at http://brief.weburb.dk/archive/00000130/01/2003-costs-security-on-stockvalue-9972866.pdf

Gordon, Lawrence A., Martin P. Loeb and Tashfeen Sohail, A Framework for Using Insurance for Cyber Risk Management, Communications of the ACM, March 2003, pp. 81-85

Ross Anderson, Cryptology and Competition Policy-Issues with Trusted Computing, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session1_anderson.pdf

M. Howard, J. Pincus, and J. M. Wing, Measuring Relative Attack Surfaces, Proceedings of Workshop on Advanced Developments in Software and Systems Security, Taipei, December 2003. http://www.cs.cmu.edu/%7Ewing/publications/Howard-Wing03.pdf

Stephen R. Lewis, How Much is Stronger DRM Worth?, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session1_lewis.pdf, (later published in pp. 53-58, Ch. 4, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY). comment: competing with free requires frictionless commerce and a better experience. every dollar invested in DRM that results in a lower quality consumer experience is a dollar spent driving users to free, illegal but usable alternatives.

Stuart E. Schechter and Rachel A. Greenstadt and Michael D. Smith, Trusted Computing, Peer-to-Peer Distribution, and the Economics of Pirated Entertainment, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.eecs.harvard.edu/%7Estuart/papers/eis03.pdf

Huseyin Cavusoglu and Srinivasan Raghunathan and Birendra Mishra, Quantifying the Value of IT Security Mechanisms and Setting Up an Effective Security Architecture, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_cavusoglu.raghunathan.mishra.pdf

Fariborz Farahmand and Shamkant B. Navathe and Gunter P. Sharp and Philip H. Enslow, Evaluating Damages Caused By Information Systems Security Incidents, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_farahmand.navathe.sharp.enslow.pdf

Paul Syverson, The Paradoxical Value of Privacy, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session3_syverson.pdf

Tony Vila and Rachel Greenstadt and David Molnar, Why We Can't be Bothered to Read Privacy Policies: Models of Privacy Economics as a Lemons Market, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session3_molnar.greenstadt.vila.pdf, (later published in pp. 143-154, Ch. 11, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Vol. 12, 2004, New York, NY). comment: Direct incentives are required to protect privacy. The market by itself will not reach an equilibrium where privacy policies are readable, read and reliable.

Adam Shostack, Paying for Privacy: Consumers and Infrastructures, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session3_shostack_privacy.pdf

Alessandro Acquisti and Jens Grossklags, Losses, Gains, and Hyperbolic Discounting: An Experimental Approach to Information Security Attitudes and Behaviors, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session6_acquisti.grossklags.pdf

Allan Friedman and L. Jean Camp, Making Security Manifest, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session6_camp.friedman.pdf

Bruce Schneier, Evaluating Security Systems: A Five-Step Process, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session6_schneier.pdf

Esther Gal-Or and Anindya Ghose, The Economic Consequences of Sharing Security Information, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session7_galor.ghose.pdf, (later published in pp. 95-105, Ch. 8, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY). Comment: illustrates that the sharing of information by an organization is a complement to security investment, and that because security can cause upward pressure on prices indicates that such sharing is particularly valuable in low-margin businesses

Lawrence A. Gordon and Martin P. Loeb and William Lucyshyn, Economic Aspects of Controlling Capital Investments in Cyberspace Security for Critical Infrastructure Assets, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session7_lucyshyn.loeb.gordon.pdf

Patrick Legros and Andrew F. Newman, Interfering in e-Contracting, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session6_legros.newman.pdf

Tom Lookabaugh and Douglas C. Sicker, Security and Lock-In: The Case of the U.S. Cable Industry, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session8_lookabaugh.sicker.pdf

Mauro Sandrini, We Want Security But We Hate It. The Foundations of Security Technoeconomics in the Social World, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session8_sandrini.pdf, (later published in pp. 213-224, Ch. 16, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY). comment: Individuals seek to escape from security technologies that are controlling. Consider the end user incentives when designing security systems.

Nicholas Rosasco and David Larochelle, How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH, Second Workshop on the Economics of Information Security, 2003, College Park, MD, available online, at http://www.cpppe.umd.edu/rhsmith3/papers/Final_session3_farahmand.navathe.sharp.enslow.pdf

Darrell M. Kienzle and Matthew C. Elder, Recent worms: a survey and trends, WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode, 2003, 1-10, Washington, DC, ACM Press, New York, NY,
comment: a comprehensive survey of worms that illustrates some of the most damaging have been the least novel

Hal Varian, System Reliability and Free Riding, eds. N. Sadeh, Proceedings of the ICEC 2003, 2003, 355-366, ACM Press, New York, NY,
comment: in all cases the socially optimal investment is greater than the Pareto optimal investment, excluding one degenerate case where all organizations face the same cost/benefit ratio

L. Jean Camp and Carlos Osorio, Privacy Enhancing Technologies for Internet Commerce, Trust in the Network Economy, 2003, Ch. 12, Berlin, DE, Springer-Verlag,
available online, at http://ssrn.com/abstract=329282 , comment: privacy enhancing companies send confused signals about what actual privacy they are providing. the survivors of the PET boom of the nineties are the companies that provided true privacy including the Anonymizer

Ross Anderson, Cryptography and competition policy: issues with trusted computing PODC '03: Proceedings of the twenty-second annual symposium on Principles of distributed computing, 2003, pp. 3-10, Boston, Massachusetts,
available online at http://doi.acm.org/10.1145/872035.872036, ACM Press, New York, NY

Roger Dingledine, Nick Mathewson, Paul Syverson, Reputation in P2P Anonymity Systems, Workshop on Economics of p2p Systems, 2003, Washington, DC, ACM Press, New York, NY

T. S. Kent and L. I. Millett, Who Goes There? Authentication Through the Lens of Privacy on Authentication Technologies and Their Privacy Implications, Washington, DC, National Research Council, 2003



2004

J Scott Marcus, "Evolving Core Capabilities of the Internet", Journal on Telecommunications and High Technology Law, 2004, available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=921903.

Eric Rescorla, Is finding security holes a good idea?, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/rescorla.pdf

Ashish Arora and Rahul Telang and Hao Xu, Optimal Policy for Software Vulnerability Disclosure, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/xu.pdf. comment: central coordination is required for an optimal market for vulnerabilities

Hal Varian and Fredrik Wallenberg and Glenn Woroch, Who Signed Up for the Do-Not-Call List?, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/varian.pdf

Alessandro Acquisti and Jens Grossklags, Privacy and Rationality: Preliminary Evidence from Pilot Data, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/acquisti.pdf

Ashish Arora and Ramayya Krishnan and Anand Nandkumar and Rahul Telang and Yubao Yang, Impact of Vulnerability Disclosure and Patch Availability -- An Empirical Analysis, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/telang.pdf. comment: Honeypots, two experiments. Publication & patching increase attacks by .02 attacks/day. Disclosure increases attacks by .26, patching decreases by .5

Karthik Kannan and Rahul Telang, An Economic Analysis of Market for Software Vulnerabilities, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/kannan-telang.pdf. comment: Markets will increase investigation but will also increase exposure. The optimal market would be one where there was a single purchaser that excludes no party from the information. This suggests direct governmental participation

George Danezis and Ross Anderson, The Economics of Censorship Resistance, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/danezis.pdf

Roger Adkins, An Insurance Style Model for Determining the Appropriate Investment Level against Maximum Loss arising from an Information Security Breach, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/adkins.pdf

Andrei Serjantov and Ross Anderson, On dealing with adversaries fairly, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/serjantov.pdf

Michal Feldman and Christos Papadimitriou and John Chuang and Ion Stoica, Free-Riding and Whitewashing in Peer-to-Peer Systems, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/feldman.pdf

Rupert Gatti and Stephen Lewis and Andy Ozment and Thierry Rayna and Andrei Serjantov, Sufficiently Secure Peer-to-Peer Networks, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/lewis.pdf

Joan Feigenbaum and Dirk Bergemann and Scott Shenker and Jonathan M. Smith, Towards an Economic Analysis of Trusted Systems, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/feigenbaum.pdf

Stuart Schechter, Toward Econometric Models of the Security Risk from Remote Attacks, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/schechter.pdf

Maximillian Dornseif and Sascha A. May, Modelling the costs and benefits of Honeynets, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/dornseif.pdf

Ben Laurie and Richard Clayton, 'Proof-of-Work' Proves Not to Work, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/clayton.pdf. comment: spam producers use zombie machines and thus have a different production frontier than legitimate email senders, therefore proof of work doesn't work

Andy Ozment, Bug Auctions: Vulnerability Markets Reconsidered, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/ozment.pdf

Nicholas Weaver and Vern Paxson, A Worst-Case Worm, Third Workshop on the Economics of Information Security, 2004, Minneapolis, MN, available online, at http://www.dtc.umn.edu/weis2004/weaver.pdf

L Jean Camp and S Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY

H. Cavusoglu and S. Raghunathan, Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches, INFORMS Journal on Decision Analysis, 1(3), September, pp. 131-148, 2004

H. Cavusoglu, B. Mishra, S. Raghunathan, A Model for Evaluating IT Security Investments, Communications of the ACM, 47(7), July, pp. 87-92, 2004

H. Cavusoglu, B. Mishra, S. Raghunathan, The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reaction for Breached Firms and Internet Security Developers, Special Issue: Measuring the Business Value of Information Technology in e-Business Environments, 2004

Adam Shostack and Paul Syverson, What Price Privacy?, pp. 129-142, Ch. 10, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY, comment: Privacy is a signaling problem, when privacy is offered in a clear and comprehensible manner, it sells

Huseyin Cavusoglu, Economics of IT Security Management, pp. 71-83, Ch. 6, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY, comment: Economics of IT overview, includes data about the losses from incidents in 2004

Alessandro Acquisti and Jens Grossklags, Privacy Attitudes and Privacy Behavior, pp. 165-178, Ch. 13, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, New York, NY, comment: Direct incentives are required to protect privacy. The market by itself will not reach an equilibrium where privacy policies are readable, read and reliable

Andrew Odlyzko, Privacy, Economics and Price Discrimination on the Internet, pp. 187-212, Ch. 15, eds. L Jean Camp and Stephen Lewis, Economics of Information Security, Springer, Vol. 12, 2004, New York, NY, comment: Direct incentives are required to protect privacy. The market by itself will not reach an equilibrium where privacy policies are readable, read and reliable

T. Adleston, 2004, Linux in Government: The Government Open Code Collaborative, The Linux Journal,
available online, at http://www.linuxjournal.com/node/7932, December, comment: describes a cooperative model for governments to develop open code to their shared needs, as opposed to having one state pay for development then the others buy it 49 times

Office of Government Commerce, Open Source Software Trials in Government Final Report, Office of the Treasury, 2004, available online, at http://www.ogc.gov.uk/oss/Report-v8d.htm , London, UK, comment: open source can be cheaper and useful in government, but these might be generalized, open source is a viable alternative

2005

Andy Ozment and Stuart E. Schechter. Milk or Wine: Does Software Security Improve with Age? In the proceedings of the Fifteenth Usenix Security Symposium. July 31 - August 4 2006: Vancouver, BC, Canada
short answer: wine

Ross Anderson and Tyler Moore. "The Economics of Information Security" Science 314 (5799), pp.610-613, October 27, 2006. http://www.cl.cam.ac.uk/~twm29/science-econ.pdf, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Farahmand, Fariborz, Shamkant B. Navathe, Gunter P. Sharp, and Philip H. Enslow, A Management Perspective on Risk of Security Threats to Information Systems, Information Technology and Management 6 (2-3):203-225, 2005

Gal-Or, Esther, and Anindya Ghose. The economic incentives for sharing security information, Information Systems Research 16 (2):186-208. 2005

Lambrinoudakis C., Gritzalis S., Yannacopoulos A., Hatzopoulos P., Katsikas S., A Formal Model for Pricing Information Systems Insurance Contracts, Computer Standards and Interfaces, Vol.27, No.5, pp.521-532, 2005.

James R. Conrad, Analyzing the Risks of Information Security Investments with Monte-Carlo Simulations, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/13.pdf

Pei-yu Chen and Gaurav Kataria and Ramayya Krishnan, Software Diversity for Information Security, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/47.pdf

Anindya Ghose and Arun Sundararajan, Pricing Security Software: Theory and Evidence, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/37.pdf

Avi Goldfarb, Why do denial of service attacks reduce future visits? Switching costs vs. changing preferences, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/6.pdf

Jennifer S. Granick, Faking It: Criminal Sanctions and the Cost of Computer Intrusions, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/FakingIt.granick.pdf

Tyler Moore, Countering Hidden-Action Attacks on Networked Systems, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/18.pdf

Dirk Bergemann and Thomas Eisenbach and Joan Feigenbaum and Scott Shenker, Flexibility as an Instrument in Digital Rights Management, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/50.pdf

Yooki Park and Suzanne Scotchmer, Digital Rights Management and the Pricing of Digital Products, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/62.pdf

Andrei Serjantov and Richard Clayton, Modeling Incentives for Email Blocking Strategies, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/emailblocking.pdf

Schoeder, N. J. (2005), Using Prospect Theory to investigate decision making bias within an information security context, Thesis for Masters of Science in Information Resource Management, Air Force Institute of Technology, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA445399&Location=U2&doc=GetTRDoc.pdf

Jay Pil Choi and Chaim Fershtman and Neil Gandal, Internet Security, Vulnerability Disclosure, and Software Provision, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/9.pdf

Byung Cho Kim and Pei-Yu Chen and Tridas Mukhopadhyay, An Economic Analysis of Software Market with Risk-Sharing Contract, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/28.pdf

Rainer Boehme, Cyber-Insurance Revisited, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/15.pdf

Jay P. Kesan and Ruperto P. Majuca and William J. Yurcik, Cyber-insurance As A Market-Based Solution To The Problem Of Cybersecurity, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/42.pdf

Hulisi Ogut and Nirup Menon and Srinivasan Raghunathan, Cyber Insurance and IT Security Investment: Impact of Interdependent Risk, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/56.pdf

Scott Dynes and Hans Brechbuhl and Eric Johnson, Information Security in the Extended Enterprise: Some Initial Results From a Field Study of an Industrial Firm, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/51.pdf

Luc Wathieu and Allan Friedman, An empirical approach to the valuing privacy valuation, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/WathFried_WEIS05.pdf. comment: people are sensitive to the potential of secondary uses when they decide under what conditions to share information

Bernardo A. Huberman and Eytan Adar and Leslie R. Fine, Valuating Privacy, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/7.pdf. comment: people value their information to the extent that they deviate from the norm

Rahul Telang and Sunil Wattal, Impact of Software Vulnerability Announcements on the Market Value of Software Vendors -- an Empirical Investigation, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/telang_wattal.pdf

Zhulei Tang and Yu (Jeffrey) Hu and Michael D. Smith, Protecting Online Privacy: Self-Regulation, Mandatory Standards, or Caveat Emptor, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/31.pdf

Alessandro Acquisti and Jens Grossklags, Uncertainty, Ambiguity and Privacy, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/64.pdf

Rachel Greenstadt and Michael D. Smith, Protecting Personal Information: Obstacles and Directions, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/48.pdf

David Baumer and Julia Earp and J.C. Poindexter, Quantifying Privacy Choices with Experimental Economics, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/16.pdf

Dmitri Nizovtsev and Marie Thursby, Economic Analysis of Incentives to Disclose Software Vulnerabilities, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/20.pdf

Andy Ozment, The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/10.pdf

Ashish Arora and Ramayya Krishnan and Rahul Telang and Yubao Yang, An Empirical Analysis of Vendor Response to Disclosure Policy, Fourth Workshop on the Economics of Information Security, 2005, Cambridge, MA, available online, at http://infosecon.net/workshop/pdf/41.pdf

Cavusoglu, H., B. Mishra, S. Raghunathan (2005), "The Value of Intrusion Detection Systems (IDSs) in Information Technology (IT) Security," Information Systems Research, 16(1), March, pp. 28-46

L Jean Camp and Allan Friedman, Good Neighbors Make Good Fences, Telecommunication Policy Research Conference, 2005, Arlington, VA.

Daniel Geer, Making Choices to Show ROI, Secure Business Quarterly, Vol. 1, pp. 1-5, 2005,
available online, at http://www.sbq.com/sbq/rosi/sbq_rosi_making_choices.pdf, comment: proposed a metric of Return on Security Investment Analysis

Tom Espiner, Symantec flaw found by TippingPoint bounty hunters, ZDNET, October 2005,
available online, at http://news.zdnet.co.uk/0,39020330,39230317,00.htm, comment: first public report of a bug being purchased.

Federal Trade Commission, FTC Releases Top 10 Consumer Complaint Categories for 2004

Reuters, Identity Theft, Net Scams Rose in 04-FTC, 2005

A. Acquisti and John Russ, 2005, Information Revelation and Privacy, Heinz Seminars, Carnegie Mellon University, Pittsburgh, PA

M. Wu and R. Miller and S. Garfinkel, 2005, Do Security Toolbars Actually Prevent Phishing Attacks?, eds. L. Cranor, Proceedings of SOUPS

C. Koch, 2005, The Five Most Shocking Things About the ChoicePoint Debacle, CSO, May, comment: worth reading, you really will be shocked

S. Smith, 2005, Trusted Computing Platforms - Design and Applications, Springer, Berlin, DE

Top 10 Consumer Complaint Categories for 2004, Feb. 2005, Federal Trade Commission, Washington, DC,
available online at http://www.ftc.gov/opa/2005/02/top102005.htm

Dan Burk, Legal and Technical Standards in Digital Rights Management Technology, Fordham Law Review, Vol. 74, 2, Nov. 2005, pp. 537-573,
comment: reviews Lexmark, Blizzard, Chamberlain garage door, DeCSS, RealNetworks, and Game Masters

Paul Virijevich, DShield - A community approach to intrusion detection, News Forge, 2005, June, pp. 537-573,
available online, at http://software.newsforge.com/article.pl?sid=05/06/07/1432216.
comment: cooperation of individuals with no obvious incentive enables an Internet monitoring network. An example of peer production of security information.

2006

Alessandro Acquisti and Allan Friedman and Rahul Telang, Is There a Cost to Privacy Breaches? An Event Study, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/40.pdf.

Alessandro Acquisti and Bin Zhang, Financial Privacy for Free? US Consumers' Response to FACTA, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/45.pdf.

Ross Anderson and Tyler Moore. "The Economics of Information Security" Science 314 (5799), pp.610-613, October 27, 2006. http://www.cl.cam.ac.uk/~twm29/science-econ.pdf, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Ashish Arora and Christopher M. Forman and Anand Nandkumar and Rahul Telang, Competitive and Strategic Effects in the Timing of Patch Release, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/35.pdf.

Rainer Boehme and Thorsten Holz, The Effect of Stock Spam on Financial Markets, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://ssrn.com/abstract=897431.

Rainer Boehme and Gaurav Kataria, Models and Measures for Correlation in Cyber-Insurance, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/16.pdf.

L Jean Camp, Economics of Information Security, I/S A Journal of Law and Policy in the Information Society, Vol 2. No. 2 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=889442

L Jean Camp, Reliable, Usable Signaling to Defeat Masquerade Attacks, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/48.pdf.

L Jean Camp, Mental Models of Security, IEEE Technology and Society, accepted in 2006. (publication expected in 2008)

Huseyin Cavusoglu and Hasan Cavusoglu and Jun Zhang, Economics of Security Patch Management, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/5.pdf.

Michael Collins and Carrie Gates and Gaurav Kataria, A Model for Opportunistic Network Exploits: The Case of P2P Worms, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/30.pdf.

Marco Cremonini and Dmitri Nizovtsev, Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/3.pdf.

George Danezis and Bettina Wittneben, The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/36.pdf.

Roger Dingledine and Nick Mathewson, Anonymity Loves Company: Usability and the Network Effect, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/41.pdf.

Scott Dynes and Eva Andrijicic and M Eric Johnson, Costs to the U.S. Economy of Information Infrastructure Failures: Estimates from Field Studies and Economic Data, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/4.pdf

Benjamin Edelman, Adverse Selection in Online 'Trust' Certifications, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/10.pdf.

A. Friedman, 2006, Information Networks and Social Trust, Kennedy School of Government Working Paper Series, Cambridge, MA, comment: defines the limits and efficacy of information-sharing among naive users who are attempting to jointly identify "good" or "bad" sites, i.e. limits of social networks for security. uses agent-based modeling.

Garcia, Alfredo and Barry Horowitz, The Potential for Underinvestment in Internet Security: Implications for Regulatory Policy, Journal of Regulatory Economics, 2006.

Alfredo Garcia and Barry Horowitz, The Potential for Underinvestment in Internet Security: Implications for Regulatory Policy, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/24.pdf.

Anindya Ghose and Uday Rajan, The Economic Impact of Regulatory Information Disclosure on Information Security Investments, Competition, and Social Welfare, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/37.pdf.

Goetz, Eric and M. Eric Johnson, Embedding Information Security Risk Management into the Extended Enterprise, 2006. Available online at http://mba.tuck.dartmouth.edu/digital/Programs/CorporateEvents/CIO_RiskManage/Overview.pdf

Nathaniel Good and Jens Grossklags and David Thaw and Aaron Perzanowski and Deirdre Mulligan and Joseph Konstan, User Choices and Regret: Understanding Users' Decision Process about Consensually acquired Spyware, I/S A Journal of Law and Policy for the Information Society, Summer 2006,
available online, at http://is-journal.org/CFPs/2006-cybersecurity.php,
comment: people still install spyware when told what it is but they feel good about it.

Gordon, Lawrence A., Martin P. Loeb, William Lucyshyn, and Tashfeen Sohail, The Impact of the Sarbanes-Oxley Act on the Corporate Disclosures of Information Security Activities, Journal of Accounting and Public Policy, Vol. 25, No. 5, 2006, pp. 503-530.

Lawrence A. Gordon and Martin P. Loeb, Managing Cybersecurity Resources: A Cost-Benefit Analysis, McGraw-Hill, 2006, NY, NY.

Jennifer Granick, Faking It: Criminal Sanctions and the Cost of Computer Intrusions, I/S A Journal of Law and Policy for the Information Society, Summer 2006,
available online, at www.infosecon.net/workshop/pdf/FakingIt.granick.pdf.

Rachel Greenstadt and Michael D. Smith, Collaborative Scheduling: Threats and Promises, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/43.pdf.

Hemantha Herath and Tejaswini Herath, Justifying Spam and E-mail Virus Security Investments: A Case Study, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/13.pdf.

Matthew Hottell and Drew Carter and Matthew Deniszczuk, Predictors of Home-Based Wireless Security, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/51.pdf.

C. Derrick Huang and Qing Hu and Ravi S. Behara, Economics of Information Security Investment in the Case of Simultaneous Attacks, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/15.pdf.

Il-Horn Hann, Kai-Lung Hui, Yee-Lin Lai, S.Y.T. Lee, and I.P.L. Png, Who Gets Spammed?, Communications of the ACM, Vol. 49, No. 10, October 2006, 83-87, http://www.comp.nus.edu.sg/~ipng/research/spam_CACM.pdf
comment: measures the degree to which spam is randomly distributed or targeted. Spam is most strongly correlated with the account provider for free email; opting out of marketing opportunities does decrease spam.

Jeremy Kirk, Antivirus market jumped 13.6 percent last year, IDG News Service, June 21, 2006,
available online http://www.infoworld.com/article/06/06/21/79506_HNantivirusmarket_1.html?source=NLC-TB2006-06-21
comment: Growth in malicious software drives revenue totaling $4 billion for anti-virus companies, ... enterprise share of the antivirus market in 2005 was 51.5 percent while the consumer segment came in at 48.5 percent.

Vineet Kumar and Rahul Telang and Tridas Mukhopadhyay, Enterprise Information Security: Who Should Manage it and How?, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/21.pdf.

Debin Liu and L Jean Camp, Proof of Work can Work, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/50.pdf. comment: the difference in the production frontier can be overcome by embedding proof of work into current anti-spam systems which include reputation systems, white lists, and black lists.

Wei Liu and Hideyuki Tanaka and Kanta Matsuura, An Empirical Analysis of Security Investment in Countermeasures Based on an Enterprise Survey in Japan, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/9.pdf.

I. MacInnes, Y. Li, Risk and Dispute in eBay Transactions, International Journal of Electronic Commerce.
comment: not the nature of the good nor the size of the transaction but rather the payment method is the greatest predictor of dispute in eBay transactions.

P.K. Manadhata, J.M. Wing, M.A. Flynn, and M.A. McQueen, Measuring the Attack Surfaces of Two FTP Daemons, Quality of Protection Workshop, Alexandria, VA, October 30, 2006. http://www.cs.cmu.edu/~pratyus/qop.pdf

Tyler Moore, The Economics of Digital Forensics, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/14.pdf.

Shishir Nagaraja and Ross Anderson, The Topology of Covert Conflict, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/38.pdf.

Andy Ozment and Stuart E. Schechter, Bootstrapping the Adoption of Internet Security Protocols, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/46.pdf.

Andy Ozment and Stuart E. Schechter. Milk or Wine: Does Software Security Improve with Age? In the proceedings of The Fifteenth Usenix Security Symposium. July 31 - August 4 2006: Vancouver, BC, Canada. http://www.cl.cam.ac.uk/~jo262/papers/Ozment_and_Schechter-Milk_Or_Wine-Usenix06.pdf

Shari Lawrence Pfleeger and Rachel Rue and Jay Horwitz and Aruna Balakrishnan, Investing In Cyber Security: The Path to Good Practice, 2006, The RAND Journal.

I.P.L. Png and Candy Q. Tang and Qiu-Hong Wang, Hackers, Users, Information Security, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/54.pdf


Brent R. Rowe and Michael P. Gallaher, Private Sector Cyber Security Investment: An Empirical Analysis, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/18.pdf.

Brent Rowe and Michael Gallaher, Could IPv6 Improve Network Security? If so, at what cost?, I/S A Journal of Law and Policy for the Information Society, Summer 2006,
available online, at http://www.is-journal.org/articles.php?abstract=2&level=1.

Peter Sand, The Privacy Value, Journal of Law and Policy for the Information Society, Summer 2006.

Michael Sutton and Frank Nagle, Emerging Economic Models for Vulnerability Research, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/17.pdf.

R. Wash and J. K. MacKie-Mason, Incentive-centered design for information security. 1st Conference on USENIX Workshop on Hot Topics in Security - Volume 1 (Vancouver, B.C., Canada). August 2006.

Y. Wang and D. Beck and Z. Jiang and R. Roussev and C. Verbowski and S. Chen and S. King, 2006, Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities, Proc. Network and Distributed System Security NDSS Symposium, ISOC, Washington, DC

Jan Willemson, On the Gordon & Loeb Model for Information Security Investment, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/12.pdf.



2007

David S. Anderson, Chris Fleizach, Stefan Savage and Geoffrey M. Voelker, Spamscatter: Characterizing Internet Scam Hosting Infrastructure, USENIX Security Symposium, Boston, MA. 5 -10 August 2007.
comment: analysis of spam infrastructure, useful for spam-o-nomics

R. Anderson, T. Moore, S. Nagaraja, A. Ozment, Incentives and Information Security, in Algorithmic Game Theory, N. Nisan, T. Roughgarden, E. Tardos, and V. Vazirani (editors), ISBN-13: 9780521872829, Cambridge University Press, 2007.

Tyler Moore and Richard Clayton. "Examining the Impact of Website Take-down on Phishing." Second APWG eCrime Researcher's Summit. October 4-5, 2007: Pittsburgh, PA, USA. (Best Paper Award)

Ross Anderson and Tyler Moore. "The Economics of Information Security: A Survey and Open Questions." Fourth bi-annual Conference on the Economics of the Software and Internet Industries, January 19-20, 2007, Toulouse, France.

Farzaneh Asgharpour, Debin Liu, L. Jean Camp, Mental Models of Computer Security Risks, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

S. E. Goodman, Robert Ramer, Identify and Mitigate the Risks of Global IT Outsourcing, Editorial Preface, The Journal of Global Information Technology Management (JGITM), Vol. 10, No. 4, October 2007, 1-6.

Seymour E. Goodman, Rob Ramer, Global Sourcing of IT Services and Information Security: Prudence Before Playing, Comm. of the American Association for Information Systems (CAIS), Vol. 20, December 2007, 812-823.

Steven M. Bellovin, Routing Security Economics, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Rainer Böhme and Sven Koble, Technische Universität Dresden, On the Viability of Privacy-Enhancing Technologies in a Self-Regulated Business-to-Consumer Market: Will Privacy Remain a Luxury Good?, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Ramnath K. Chellappa, Shivendu Shivendu, Incentive Design for Free but No Free Disposal Services: The Case of Personalization under Privacy Concerns, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Pau-Chen Chen, Pankaj Rohatgi and Claudia Keser, Fuzzy MLS: An Experiment on Quantified Risk-Adaptive Access Control, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Yue Chen, Barry Boehm, Luke Sheppard, Measuring Security Investment Benefit for Off the Shelf Software Systems - A Stakeholder Value Driven Approach, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Jay Pil Choi, Chaim Fershtman, Neil Gandal, Network Security: Vulnerabilities and Disclosure Policy, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Lorrie Faith Cranor, Sarah Spiekermann, Privacy Engineering, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Nicolas Christin, Countermeasures Against Government-Scale Monetary Forgeries, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

George Danezis, Network formation, Sybil Attacks & Reputation Systems, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

George Danezis and Stefan Schiffner, On Network formation, (Sybil attacks and Reputation systems), DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Ginger Davis, Alfredo Garcia and Weide Zhang, "Empirical Analysis of the Effects of Cyber Security Incidents", submitted to Risk Analysis

Scott Dynes, Information Security and IT Risk Management in the Real World: Results From Field Studies, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage, An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, CCS '07, Alexandria, VA. 29 October - 2 November, 2007.

M. Eric Johnson and Scott Dynes, Inadvertent Disclosure - Information Leaks in the Extended Enterprise, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Neil Gandal, Internet Security, Vulnerability Disclosure, & Software Provision, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Eric Goetz and M. Eric Johnson, Embedding Information Security Risk Management into the Extended Enterprise, 2006. Available online at http://mba.tuck.dartmouth.edu/digital/Programs/CorporateEvents/CIO_RiskManage/Overview.pdf, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Gritzalis S., Yannacopoulos A., Lambrinoudakis C., Hatzopoulos P., Katsikas S., A Probabilistic Model for Optimal Insurance Contracts against Security Risks and Privacy Violation in IT Outsourcing Environments, International Journal of Information Security, Vol.6, No.4, pp.197-211, 2007.

Jens Grossklags, Alessandro Acquisti, When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Alok Gupta and Dmitry Zhdanov, Growth and sustainability of MSSP networks, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

"The Potential for Underinvestment in Internet Security: Implications for Regulatory Policy", Alfredo Garcia and Barry Horowitz, Journal of Regulatory Economics, Vol. 31:1 (2007) pp. 37-51

Kjell Hausken, Strategic Defense and Attack of Complex Networks, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Hemantha S. B. Herath, Tejaswini C. Herath, Cyber-Insurance: Copula Pricing Framework and Implications for Risk Management, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Peter Honeyman, Galina A. Schwartz, Ari Van Assche, Interdependence of Reliability and Security, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Barry Horowitz, Linking the Economics of Cyber Security and Corporate Reputation, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Gaurav Kataria, Rainer Böhme, Models and Measures for Correlation in Cyber-Insurance, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Vineet Kumar, Rahul Telang, Tridas Mukhopadhyay, Carnegie Mellon University, Optimally Securing Enterprise Information Systems and Assets, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Costas Lambrinoudakis, Stefanos Gritzalis, and Thanassis Yannacopoulos, Modelling and Economics of IT Risk Management and Insurance, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Ivan Png, Chen Yu Wang, The Deterrent Effect of Enforcement Against Computer Hackers: Cross-Country Evidence, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Amalia R. Miller, Catherine E. Tucker, Privacy, Network Effects and Electronic Medical Record Technology Adoption, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Charles Miller, The legitimate vulnerability market: the secretive world of 0-day exploit sales, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Tyler Moore and Richard Clayton, An Empirical Analysis of the Current State of Phishing Attack and Defence, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Tyler Moore, (joint with Ross Anderson and Shishir Nagaraja), Network Economics and Security Engineering, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Deirdre K. Mulligan, Information Disclosure as a light-weight regulatory mechanism, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Mohammad S. Rahman, Karthik Kannan, Mohit Tawarmalani, Purdue University, The Countervailing Incentive of Restricted Patch Distribution: Economic and Policy Implications, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Srinivasan Raghunathan, Huseyin Cavusoglu, Byungwan Koh, Bin Mai, Economics of User Segmentation, Profiling, and Detection in Security, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Brent Rowe, Will Outsourcing IT Security Lead to a Higher Social Level of Security?, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Rachel Rue, Shari Lawrence Pfleeger, David Ortiz, A Framework for Classifying and Comparing Models of Cyber Security Investment to Support Policy and Decision-Making, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Bruce Schneier, The Psychology of Security... a work in progress, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Katherine J. Strandburg, Surveillance of Emergent Associations: Freedom of Association in a Network Society, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Michael D. Smith and Rahul Telang, Competing with Free: The Impact of Movie Broadcasts on DVD Sales and Internet Piracy, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Peter Swire, Security Through Obscurity: When It Works, When It Doesn't, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti, The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, WEIS 2007 - Sixth Workshop on Economics of Information Security, Pittsburgh PA, 7-8 June 2007.

Rick Wash and Jeff Mackie-Mason, Incentive-Centered Design for Information Security, DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, Rutgers, NJ.

2008

Hartline, Jason D., and Tim Roughgarden. Optimal mechanism design and money burning. Proceedings of the 40th annual ACM symposium on Theory of computing. ACM, 2008.

Greg Aaron, Rod Rasmussen, Global Phishing Survey: Domain Name Use and Trends in 1H2008, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Sang Hoo Bae, Pilsik Choi, Firms' Optimal Digital Rights Management (DRM) Strategies: The Effects of Public Copy Protection and DRM Compatibility, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Rainer Boehme, Conformity or Diversity: Social Implications of Transparency in Personal Data Processing, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Garth Bruen, Chris Barton, The Phantom Menace: Untraceable Registrars, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Pat Cain, IODEF Extensions: A Lingua Franca for Communicating and Processing Electronic Crime Reports, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

L. Jean Camp, Hillary Elmore, Brandon Stephens, Diffusion and Adoption of IPv6 in the United States, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Ramnath Chellappa, Raymond Sin, Competition for Information under Privacy Concerns, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Anindya Ghose, Karthik Balakrishnan, Panos Ipeirotis, The Impact of Information Disclosure on Stock Market Returns: The Sarbanes-Oxley Act and the Role of Media as an Information Intermediary, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Rachel Greenstadt, Oliver Day, Brandon Palmen, Reinterpreting the Disclosure Debate for Web Infections, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Jens Grossklags, Nicolas Christin, John Chuang, Security Investment (Failures) in Five Economic Environments: A Comparison of Homogeneous and Heterogeneous User Agents, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Il-Horn Hann, Kai-Lung Hui, Sang-Yong T. Lee, and I.P.L. Png, Consumer Privacy and Marketing Avoidance: A Static Model, Management Science, Vol. 54 No. 6, June 2008, 1094-1103. Introduces the concept of marketing avoidance, i.e., consumer efforts to conceal themselves and to deflect marketing.

Rolf Hulthen, Communicating the Economic Value of Security Investments; Value at Security Risk, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Danesh Irani, Steve Webb, Jonathon Giffin, Calton Pu, Evolutionary Study of Phishing, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Shing Yin Khor, Phishing and MySpace, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Lessons From a Real World Evaluation of Anti-Phishing Training, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Marc Lelarge, Jean Bolot, Cyber Insurance as an Incentive for IT Security, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Qi Liao, Zhen Li, Aaron Striegel, Botnet Economics: Uncertainty Matters, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

T. Maillart, D. Sornette, Heavy-Tailed Distribution of Cyber-Risks, Physics and Society
comment: An analysis based on complex systems that indicates that the ID theft market has matured, with roughly 500M incidents. The model also illustrates that vulnerability increases with organization size.

Kanta Matsuura, Productivity Space of Information Security in an Extension of the Gordon-Loeb's Investment Model, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Tyler Moore, Ross Anderson, Rainer Boehme, Richard Clayton, Security Economics and European Policy, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Tyler Moore, Richard Clayton, The Impact of Incentives on Notice and Take-down, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Tyler Moore and Richard Clayton. "Evaluating the Wisdom of Crowds in Assessing Phishing Websites." To appear at the 12th International Financial Cryptography and Data Security Conference (FC08). January 28-31, 2008: Cozumel, Mexico.

Tyler Moore, Richard Clayton, The consequence of non-cooperation in the fight against phishing, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Steven Myers, Sid Stamm, Practice & Prevention of Home-Router Mid-Stream Injection Attacks, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Shishir Nagaraja, The Economics of Covert Community Detection and Hiding, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Kurt Nielsen, Is Distributed Trust More Trustworthy?, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

David Pym, Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, Angela Sasse, Mike Wonham, Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

Rod Rasmussen, Laura Mather, Mike Rodenbaugh, Report on DNS Abuse Remediation: Accelerated Domain Suspension Process for Registries, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Sasha Romanosky, Rahul Telang, Alessandro Acquisti, Do Data Breach Disclosure Laws Reduce Identity Theft?, WEIS 2008 - Seventh Workshop on Economics of Information Security, Hanover NH, 25-28 June 2008.

D. K. Smetters, Defending the User: New Approaches to Anti-Phishing, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

Craig Spiezle, User Concerns: Behavioral Targeting vs User Choice, General Members Meeting & eCrime Researchers Summit, Atlanta 14-16 October 2008.

V. Verendel, A Prospect Theory approach to security, Technical Report No. 08-20, Department of Computer Science and Engineering, Göteborg, Sweden, 2008, http://www.cse.chalmers.se/~vive/prospectTR.pdf

2009

Alessandro Acquisti, Ralph Gross, Social Insecurity: The Unintended Consequences of Identity Fraud Prevention Policies, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Alessandro Acquisti, Leslie John, George Loewenstein, The Impact of Relative Standards on Concern About Privacy, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Ross Anderson, Shailendra Fuloria, Security Economics and Critical National Infrastructure, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Ajit Appari, Denise Anthony, Eric Johnson, HIPAA Compliance: An Examination of Institutional and Market Forces, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Stefan Berthold, Rainer Boehme, Valuating Privacy with Option Pricing Theory, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Rainer Boehme, Tyler Moore, The Iterated Weakest Link - A Model of Adaptive Security Investment, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Joseph Bonneau, Sören Preibusch, The Privacy Jungle: On the Market for Data Protection in Social Networks, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Richard Clayton, Internet Multi-Homing Problems: Explanations from Economics, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Ramón Compañó, Wainer Lusoli, The Policy Maker's Anguish: regulating personal data behaviour between paradoxes and dilemmas, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Ivan Damgard, Secure Multiparty Computation Goes Live, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Saar Drimer, Steven Murdoch, Ross Anderson, Optimised to Fail: Card Readers for Online Banking, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Ben Edelman, Deterring Online Advertising Fraud Through Optimal Payment in Arrears, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Stefan Frei, Dominik Schatzmann, Bernhard Plattner, Brian Trammell, Modelling the Security Ecosystem - The Dynamics of (In)Security, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Neal Fultz, Jens Grossklags, Blue versus Red: Towards a model of distributed security attacks, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Jens Grossklags, Benjamin Johnson and Nicolas Christin, The Price of Uncertainty in Security Games, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Cormac Herley, Dinei Florencio, Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Christos Ioannidis, David Pym, Julian Williams, Investments and Trade-offs in the Economics of Information Security, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Frank Innerhofer-Oberperfler, Ruth Breu, Potential Rating Indicators for Cyberinsurance: An Exploratory Qualitative Study, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Marc Lelarge, Economics of Malware: Epidemic Risks Model, Network Externalities and Incentives, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Debin Liu, XiaoFeng Wang, L. Jean Camp, Mitigating Inadvertent Insider Threats with Incentives, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Tyler Moore, Richard Clayton, Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, Financial Cryptography and Data Security '09, Barbados 23-26 February 2009.

Christian W Probst, Jeffrey Hunker, The Risk of Risk Analysis - And its relation to the Economics of Insider Threats, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Vicente Segura, Javier Lahuerta, Modeling the economic incentives of DDoS attacks: femtocell case study, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

William Roberds, Data Breaches and Identity Theft, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Nikhil Shetty, Galina Schwartz, Mark Felegyhazi, Jean Walrand, Competitive Cyber-Insurance and Internet Security, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Ken-ichi Tatsumi, Makoto Goto, Optimal Timing of Information Security Investment: A Real Options Approach, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Qiu-Hong Wang, Seung-Hyun Kim, Cyber Attacks: Cross-Country Interdependence and Enforcement, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009

Zach Zhou, M. Eric Johnson, The Impact of Information Security Ratings on Vendor Competition, The Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, UK 24-25 June 2009



2010

Sasha Romanosky, Richard Sharp and Alessandro Acquisti (Carnegie Mellon), Data Breaches and Identity Theft: When is Mandatory Disclosure Optimal?, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Amalia R Miller and Catherine Tucker (MIT), Encryption and Data Loss, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Bora Kolfal, Raymond Patterson and Lisa Yeo (Alberta), Market Impact on IT Security Spending, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Asunur Cezar, Huseyin Cavusoglu, and Srinivasan Raghunathan (UT Dallas and Middle East Technical University), Outsourcing Information Security: Contracting Issues and Security Implications, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel (TU Vienna, Institute Eurecom and UCSB), Is the Internet for Porn? An Insight Into the Online Adult Industry, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Alessandro Acquisti (Carnegie Mellon) and Catherine Tucker (MIT), Guns, Privacy, and Crime, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Laura Brandimarte, Alessandro Acquisti and George Loewenstein (Carnegie Mellon), Misplaced Confidences: Privacy and the Control Paradox, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Nicola Jentzsch (German Institute for Economic Research), A Welfare Analysis of Secondary Use of Personal Data, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Joseph Bonneau and Sören Preibusch (Cambridge), The password thicket: technical and market failures in human authentication on the web, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Serge Egelman, David Molnar, Nicolas Christin, Alessandro Acquisti, Cormac Herley and Shriram Krishnamurthi (Brown, Microsoft Research and Carnegie Mellon), Please Continue to Hold: An empirical study on user tolerance of security delays, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Jonathan Anderson, Joseph Bonneau and Frank Stajano (Cambridge), Inglourious Installers: Security in the Application Marketplace, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Richard Clayton (Cambridge), Might Governments Clean-up Malware?, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Michel van Eeten, Johannes M. Bauer, Hadi Asghari, Shirin Tabatabaie and Dave Rand (TU Delft, Michigan State and Trend Micro), The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Nevena Vratonjic, Jean-Pierre Hubaux, Maxim Raya and David Parkes (EPFL and Harvard), Security Games in Online Advertising: Can Ads Help Secure the Web?, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Harikrishna Narasimhan, Venkatanathan Varadarajan and Pandu Rangan Chandrasekaran (Anna and IIT Madras), Towards a Cooperative Defense Model Against Network Security Attacks, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Richard J. Sullivan (Federal Reserve Bank of Kansas City), The Changing Nature of US Card Payment Fraud: Issues for Industry and Public Policy, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Mark MacCarthy (Georgetown), Information Security Policy in the U.S. Retail Payments Industry, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Ross Anderson (Cambridge), Policy for Payment System Security, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

David Molnar and Stuart Schechter (Microsoft Research), Self Hosting vs. Cloud Hosting: Accounting for the security impact of hosting in the cloud, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Rainer Boehme and Galina Schwartz (ICSI Berkeley), Modeling Cyber-Insurance: Towards A Unifying Framework, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Cormac Herley (Microsoft Research), The Plight of the Targeted Attacker in a World of Scale, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Ross Anderson and Shailendra Fuloria (Cambridge), On the Security Economics of Electricity Metering, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Sam Ransbotham (Boston College), An Empirical Analysis of Exploitation Attempts based on Vulnerabilities in Open Source Software, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Hermann Härtig, Claude-Joachim Hamann and Michael Roitzsch (TU Dresden), The Mathematics of Obscurity: On the Trustworthiness of Open Source, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Adam Beautement (UCL) and David Pym (Aberdeen), Structured Systems Economics for Security Management, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010

Brent Rowe, ISPs as Cybersecurity Providers, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Doron Becker, Security as Goodwill?, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Mark Felegyhazi, Security Investment with Penetration Testing, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Steven Murdoch, Chip and PIN Policy, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Tyler Moore, Policy Recommendations for Improving Cybersecurity, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Kanta Matsuura, Product-Validation Systems and EIS, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Jonathan Anderson, Rewards for Returning Lost Property, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Haruo Takasaki, Consumer Acceptance for Secondary Use, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Joseph Bonneau, Passwords and Intimacy, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Debin Liu, Incentive-based Access Control, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Steve Borbash, Determining the Difficulty of Security Problems, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)

Roger Dingledine, We Have Data!, The Ninth Workshop on the Economics of Information Security (WEIS 2010) Harvard University, USA 7-8 June 2010 (Rump Session Presentation)


2011

Hare, Forrest. The Interdependent Nature of National Cyber Security: Motivating Private Action for a Public Good (2011).

Moore, Tyler, and Ross Anderson. The Impact of Immediate Disclosure on Attack Diffusion and Volume, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Dinei Florencio and Cormac Herley (both Microsoft Research): Where Do All the Attacks Go?, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Dinei Florencio and Cormac Herley (both Microsoft Research): Sex, Lies and Cyber-crime Survey, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Brett Stone-Gross, Ryan Abman, Richard A. Kemmerer, Christopher Kruegel, and Douglas G. Steigerwald (all University of California, Santa Barbara): The Underground Economy of Fake Antivirus Software, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, and Jean-Pierre Hubaux (all EPFL, Switzerland): The Inconvenient Truth about Web Certificates, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Catherine Tucker (MIT): Social Networks, Personalized Advertising, and Privacy Controls, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Susan Landau and Tyler Moore (both Harvard University): Economic Tussles in Federated Identity Management, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Laura Brandimarte, Alessandro Acquisti and Joachim Vosgerau: Negative Information Looms Longer than Positive Information, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Chris Hall (Highwayman Associates), Ross Anderson (University of Cambridge), Richard Clayton (University of Cambridge), Evangelos Ouzounis (European Network and Information Security Agency), and Panagiotis Trimintzios (European Network and Information Security Agency): Resilience of the Internet Interconnection Ecosystem, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Steven Hofmeyr (Berkeley Lab), Tyler Moore (Harvard University), Stephanie Forrest (University of New Mexico), Benjamin Edwards (University of New Mexico), and George Stelle (University of New Mexico): Modeling Internet-Scale Policies for Cleaning up Malware, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Christos Ioannidis (University of Bath), David Pym (University of Aberdeen), and Julian Williams (University of Aberdeen): Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Terrence August (University of California, San Diego) and Tunay Tunca (Stanford University): Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Juhee Kwon and M. Eric Johnson (both Dartmouth College): An Organizational Learning Perspective on Proactive vs. Reactive investment in Information Security, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Dallas Wood and Brent Rowe (both RTI International): Assessing Home Internet Users' Demand for Security: Will They Pay ISPs?, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Matthew Hashim, Sandra Maximiano and Karthik Kannan (all Purdue University): Information Targeting and Coordination: An Experimental Study, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Chul H. Lee, Xianjun Geng and Srinivasan Raghunathan (all The University of Texas at Dallas): Security Standardization in the Presence of Unverifiable Control, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Adrian Baldwin (HP Labs), Yolanta Beres (HP Labs), Geoffrey B. Duggan (University of Bath), Marco Casassa Mont (HP Labs), Hilary Johnson (University of Bath), Chris Middup (Open University), and Simon Shiu (HP Labs): Economic Methods and Decision Making by Security Professionals, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Daegon Cho (Carnegie Mellon University): Real Name Verification Law on the Internet: a Poison or Cure for Privacy?, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Idris Adjerid, Alessandro Acquisti, Rema Padman, Rahul Telang and Julia Adler-Milstein: Health Disclosure Laws and Health Information Exchanges, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Sören Preibusch and Joseph Bonneau (both University of Cambridge): The Privacy Landscape: Product Differentiation on Data Collection, The Tenth Workshop on the Economics of Information Security (WEIS 2011), George Mason University, USA 14-15 June 2011

Rainer Boehme (University of Münster) and Stefanie Poetzsch (Technische Universität Dresden): Collective Exposure: Peer Effects in Voluntary Disclosure of Personal Data, Financial Cryptography and Data Security '11, Bay Gardens Beach Resort, St. Lucia, February 2 – March 4, 2011

Nicolas Christin (Carnegie Mellon University), Serge Egelman (National Institute of Standards and Technology), Timothy Vidas (Carnegie Mellon University), and Jens Grossklags (Pennsylvania State University): It's All About The Benjamins: An empirical study on incentivizing users to ignore security advice, Financial Cryptography and Data Security '11, Bay Gardens Beach Resort, St. Lucia, February 28 – March 4, 2011

2012

Fershtman, Chaim, and Neil Gandal. Migration to the Cloud Ecosystem: Ushering in a New Generation of Platform Competition. Digiworld Economic Journal, no. 85, 1st Q. 2012, p. 109.

Liao, Chun-Hsiung, Chun-Wei Chen, and Jaway Hung. "The Optimal Investment Strategy of Information Security." (2012).

Fershtman, Chaim, and Neil Gandal. Migration to the Cloud Ecosystem: Ushering in a New Generation of Platform Competition. Communications & Strategies 85 (2012).

Dey, Debabrata, Atanu Lahiri, and Guoying Zhang. Hacker behavior, network effects, and the security software market. Journal of Management Information Systems 29.2 (2012): 77-108.

Sasha Romanosky, David Hoffman, Alessandro Acquisti (Carnegie Mellon University), Empirical Analysis of Data Breach Litigation, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Martin S. Gaynor (Carnegie Mellon University), Muhammad Zia Hydari (Carnegie Mellon University), Rahul Telang (Carnegie Mellon University), Is Patient Data Better Protected in Competitive Healthcare Markets?, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Sören Preibusch (University of Cambridge), Kat Krol (University College London), Alastair R. Beresford (University of Cambridge), The Privacy Economics of Voluntary Over-disclosure in Web Forms, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Juhee Kwon (Dartmouth College), M. Eric Johnson (Dartmouth College), Security Resources, Capabilities and Cultural Values: Links to Security Performance and Compliance, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Stephan Neuhaus (ETH Zürich), Bernhard Plattner (ETH Zürich), Software Security Economics: Theory, in Practice, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Bongkot Jenjarrussakul (University of Tokyo), Hideyuki Tanaka (University of Tokyo), Kanta Matsuura (University of Tokyo), Sectoral and Regional Interdependency of Japanese Firms under the Influence of Information Security Risks, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Cormac Herley (Microsoft Research), Why do Nigerian Scammers Say They are From Nigeria?, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Vaibhav Garg (Indiana University), Chris Kanich (UC San Diego), L. Jean Camp (Indiana University), Analysis of eCrime in Crowd-sourced Labor Markets: Mechanical Turk vs. Freelancer, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Jörg Becker, Dominic Breuker, Tobias Heide, Justus Holler, Hans Peter Rauer, Rainer Böhme (University of Münster), Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Ross Anderson (University of Cambridge), Chris Barton (Cloudmark), Rainer Böhme (University of Münster), Richard Clayton (University of Cambridge), Michael van Eeten (Delft University of Technology), Michael Levi (Cardiff University), Tyler Moore (Wellesley College), Stefan Savage (UC San Diego), Measuring the Cost of Cybercrime, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Matthias Brecht (University of Regensburg), Thomas Nowey (Krones AG), A Closer Look at Information Security Costs, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Yuliy Baryshnikov (University of Illinois at Urbana-Champaign), IT Security Investment and Gordon-Loeb 1/e Rule, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Toshihiko Takemura (Kansai University), Ayako Komatsu (Information Technology Promotion Agency, Japan), Who Sometimes Violates the Rule of the Organizations? An Empirical Study on Information Security Behaviors and Awareness, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Lukas Demetz (University of Innsbruck), Daniel Bachlechner (University of Innsbruck), To Invest or Not to Invest? Assessing the Economic Viability of a Policy and Security Configuration Management Tool, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Timothy Kelley (Indiana University), L. Jean Camp (Indiana University), Online Promiscuity: Prophylactic Patching and the Spread of Computer Transmitted Infections, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Adrian Baldwin (Hewlett-Packard Laboratories), Iffat Gheyas (University of Aberdeen), Christos Ioannidis (University of Bath), David Pym (University of Aberdeen), Julian Williams (University of Aberdeen), Contagion in Cybersecurity Attacks, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Min Chen (Richard Stockton College of New Jersey), Varghese Jacob (University of Texas at Dallas), Suresh Radhakrishnan (University of Texas at Dallas), Young Ryu (University of Texas at Dallas), The Effect of Fraud Investigation Cost on Pay-Per-Click Advertising, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Nevena Vratonjic (EPFL Lausanne), Mohammad Hossein Manshaei (Isfahan University of Technology, Iran), Jens Grossklags (Penn State University), Jean-Pierre Hubaux (EPFL Lausanne), Ad-blocking Games: Monetizing Online Content Under the Threat of Ad Avoidance, Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Serge Egelman (UC Berkeley), Adrienne Porter Felt (UC Berkeley), David Wagner (UC Berkeley), Architecture and Smartphone Privacy: There’s a Price for That, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Miguel Malheiros (University College London), Sascha Brostoff (University College London), Charlene Jennett (University College London), Angela Sasse (University College London), Would You Sell Your Mother’s Data? Personal Data Disclosure in a Simulated Credit Card Application, 11th Annual Workshop on the Economics of Information Security (WEIS 2012), Berlin, DE 25-26 June 2012

Le, Tien, Akshay Dua, and Wu-chang Feng. kaPoW plugins: protecting web applications using reputation-based proof-of-work. Proceedings of the 2nd Joint WICOW/AIRWeb Workshop on Web Quality. ACM, 2012.

Norcie, Gregory, Emiliano De Cristofaro, and Victoria Bellotti. Bootstrapping Trust in Online Dating: Social Verification of Online Dating Profiles. Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2013. 149-163. 2012.


2013

Christos Ioannidis (University of Bath), David Pym (University of Aberdeen) , Julian Williams (University of Aberdeen) Sustainability in Information Stewardship: Time Preferences, Externalities, and Social Co-ordination The Twelfth Workshop on the Economics of Information Security (WEIS 2013) Georgetown University (Washington, D.C) 11-12 June 2013

Russell Thomas (George Mason University), Marcin Antkiewicz (Qualys, Inc.), Patrick Florer (Risk Centric Security, Inc.), Suzanne Widup (Verizon Communications, Inc.), Matthew Woodyard (Zions Bancorporation), How Bad Is It? A Branching Activity Model to Estimate the Impact of Information Security Breaches, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Terrence August (University of California, San Diego, Rady School of Management), Marius Niculescu (Georgia Institute of Technology), Hyoduk Shin (University of California, San Diego, Rady School of Management), Cloud Implications on Software Network Structure and Security Risks, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Daegon Cho (Carnegie Mellon University), Alessandro Acquisti (Carnegie Mellon University), The More Social Cues, The Less Trolling? An Empirical Study of Online Commenting Behavior, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Geza Sapi (Düsseldorf Institute for Competition Economics), Irina Suleymanova (Düsseldorf Institute for Competition Economics), Consumer Flexibility, Data Quality and Targeted Pricing, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Huseyin Cavusoglu (University of Texas), Tuan Phan (National University of Singapore), Hasan Cavusoglu (University of British Columbia), Privacy Controls and Information Disclosure Behavior of Online Social Network Users, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Sören Preibusch (Microsoft Research Cambridge UK), The value of privacy in Web search, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Andreas Kuehn (Syracuse University, School of Information Studies), Milton Mueller (Syracuse University, School of Information Studies), Einstein on the Breach: Surveillance Technology, Cybersecurity, and Organizational Change, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Joshua Kroll (Princeton University), Ian Davey (Princeton University), Edward Felten (Princeton University), The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Huw Fryer (University of Southampton), Roksana Moore (University of Southampton), Tim Chown (University of Southampton), On the Viability of Using Liability to Incentivise Internet Security, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Qian Tang (University of Texas at Austin), Leigh Linden (University of Texas at Austin), John Quarterman (Quarterman Creations), Andrew Whinston (University of Texas at Austin), Improving Internet Security Through Social Information and Social Comparison: A Field Quasi-Experiment, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Cormac Herley (Microsoft Research), Small World: Collisions Among Attacks in a Finite Population

Alan Nochenson (The Pennsylvania State University), Jens Grossklags (The Pennsylvania State University), A Behavioral Investigation of the FlipIt Game, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Hadi Asghari (Delft University of Technology), Michel Van Eeten (Delft University of Technology), Axel Arnbak (University of Amsterdam), Nico van Eijk (University of Amsterdam), Security Economics in the HTTPS Value Chain, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Michael Wellman (University of Michigan), Tae Hyung Kim (University of Michigan), Quang Duong (University of Michigan), Analyzing Incentives for Protocol Compliance in Complex Domains: A Case Study of Introduction-Based Routing, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Mhr Khouzani (University of Southern California), Soumya Sen (Princeton University), Ness B. Shroff (The Ohio State University), Incentive Analysis of Bidirectional Filtering in the Internet, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Lorrie Cranor (Carnegie Mellon University), Kelly Idouchi (Carnegie Mellon University), Pedro Leon (Carnegie Mellon University), Blase Ur (Carnegie Mellon University), Manya Sleeper (Carnegie Mellon University), Are They Actually Any Different? Comparing 3,422 Financial Institutions' Privacy Practices, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Claude Castelluccia (INRIA), Stephane Grumbach (INRIA), Lukasz Olejnik (INRIA), Data Harvesting 2.0: from the Visible to the Invisible Web, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Alessandro Acquisti (Carnegie Mellon University), Christina Fong (Carnegie Mellon University), An Experiment in Hiring Discrimination via Online Social Networks, The Twelfth Workshop on the Economics of Information Security (WEIS 2013), Georgetown University (Washington, D.C.), 11-12 June 2013

Dua, Akshay. Trust-but-Verify: Guaranteeing the Integrity of User-generated Content in Online. Diss. Portland State University, 2013.

Garg, Vaibhav, Thomas Koster, and Linda J. Camp. Cross-country analysis of spambots. EURASIP Journal on Information Security 2013.1 (2013): 3.

Küpçü, Alptekin. Distributing trusted third parties. ACM SIGACT News 44.2 (2013): 92-112.

Groza, Bogdan, and Bogdan Warinschi. Cryptographic puzzles and DoS resilience, revisited. Designs, Codes and Cryptography (2013): 1-31.

Kaiser, Edward, and Wu-chang Feng. Helping ticketmaster: Changing the economics of ticket robots with geographic proof-of-work. INFOCOM IEEE Conference on Computer Communications Workshops, 2010. IEEE, 2010.