Wednesday, 24 June
Opening Remarks (8:30am - 8:45am)
Keynote 1: Computer Mediated Transactions (8:45am - 9:30am)
Speaker: Hal Varian, Google
Session Chair: Christos Ioannidis, University of BathSession 1: Identity theft (9:30am - 10:30am)
Session Chair: Alessandro Acquisti, Carnegie Mellon University- 9:30am Social Insecurity: The Unintended Consequences of Identity Fraud Prevention Policies
- Alessandro Acquisti, Carnegie Mellon University
- Ralph Gross, Carnegie Mellon University
- 10:00am Data Breaches and Identity Theft
- William Roberds, Federal Reserve Bank of Atlanta
- Stacey Schreft, The Mutual Fund Research Center, LLC
- 9:30am Social Insecurity: The Unintended Consequences of Identity Fraud Prevention Policies
Break (10:30am - 11:00am)
Session 2: Modelling uncertainty's effects (11:00am - 12:00pm)
Session Chair: Jean Camp, University of Indiana- 11:00am The Iterated Weakest Link - A Model of Adaptive Security Investment
- Rainer Boehme, Technische Universitat Dresden
- Tyler Moore, Harvard University
- 11:20am The Price of Uncertainty in Security Games
- Jens Grossklags, UC Berkeley
- Benjamin Johnson, Carnegie Mellon University, CyLab
- Nicolas Christin, Carnegie Mellon University, CyLab
- 11:40am Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy
- Cormac Herley, Microsoft Research
- Dinei Florencio, Microsoft Research
- 11:00am The Iterated Weakest Link - A Model of Adaptive Security Investment
Keynote 2: Security and Human Behaviour (12:00pm - 12:45pm)
Speaker: Bruce Schneier, BT Counterpane
Session Chair: Tyler Moore, Harvard UniversityLunch (12:45pm - 2:00pm)
Session 3: Future directions in the economics of information security (2:00pm - 3:45pm)
Session Chair: Andrew Odlyzko, University of Minnesota- 2:00pm Cyber Attacks: Cross-Country Interdependence and Enforcement
- Qiu-Hong Wang, University of Singapore
- Seung-Hyun Kim, University of Singapore
- 2:30pm Panel: A Broader View of Cyber Security Economics
- Lance Hoffman, George Washington University
- Shari Lawrence Pfleeger, the RAND Corporation
- David Good, Cambridge University
- Ann Cavoukian, Information and Privacy Commissioner, Province of Ontario
- Alessandro Acquisti, Carnegie Mellon University
- 2:00pm Cyber Attacks: Cross-Country Interdependence and Enforcement
Break (3:45pm - 4:15pm)
Session 4: Economics of privacy (4:15pm - 6:05pm)
Session Chair: Ross Anderson, University of Cambridge- 4:15pm The Impact of Relative Standards on Concern About Privacy
- Alessandro Acquisti, Carnegie Mellon University
- Leslie John, Carnegie Mellon University
- George Loewenstein, Carnegie Mellon University
- 4:45pm The Policy Maker's Anguish: regulating personal data behaviour between paradoxes and dilemmas
- Ramón Compañó, European Commission Joint Research Centre IPTS
- Wainer Lusoli, European Commission Joint Research Centre IPTS; \ Visiting Research Fellow, University of Chester
- 5:05pm The Privacy Jungle: On the Market for Data Protection in Social Networks
- Joseph Bonneau, University of Cambridge
- Soren Preibusch, University of Cambridge
- 5:35 HIPAA Compliance: An Examination of Institutional and Market Forces
- Ajit Appari, Tuck School of Business at Dartmouth
- Denise Anthony, Department of Sociology, Dartmouth College
- Eric Johnson, Tuck School of Business at Dartmouth
- 4:15pm The Impact of Relative Standards on Concern About Privacy
Conference Dinner (7:30pm - 9:30pm)
- Venue: Florence Hall at the Royal Institute of British Architects. Please clck for travel information and a a map.
Thursday, 25 June
Keynote 3: From Mathematical Modelling to Automation: Turning Research on the Economics of Security into Economic Value (9:00am - 9:45am)
Speaker: Martin Sadler, Hewlett-Packard Laboratories
Session Chair: Angela Sasse, UCLSession 5: Options (9:45am - 10:15am)
Session Chair: Andy Ozment- 9:45am Valuating Privacy with Option Pricing Theory
- Stefan Berthold, Technische Universitat Dresden
- Rainer Boehme, Technische Universitat Dresden
- 10:15am Optimal Timing of Information Security Investment: A Real Options Approach
- Ken-ichi Tatsumi, Gakushuin University
- Makoto Goto, Waseda University
- 9:45am Valuating Privacy with Option Pricing Theory
Break (10:45am - 11:15am)
Session 6: Misaligned incentives in systems (11:15am - 12:05pm)
Session Chair: Eric Johnson, Dartmouth College- 11:15am Security Economics and Critical National Infrastructure
- Ross Anderson, University of Cambridge
- Shailendra Fuloria, University of Cambridge
- 11:45am Internet Multi-Homing Problems: Explanations from Economics
- Richard Clayton, University of Cambridge
- 11:15am Security Economics and Critical National Infrastructure
Session 7 Security outsourcing and risk analysis (12:05pm - 12:45pm)
Session Chair: Shari Lawrence-Pfleeger, RAND- 12:05pm The Impact of Information Security Ratings on Vendor Competition
- Zach Zhou, Dartmouth College
- M. Eric Johnson, Dartmouth College
- 12:25pm The Risk of Risk Analysis-And its relation to the Economics of Insider Threats
- Christian W Probst, Technical University of Denmark
- Jeffrey Hunker, Carnegie Mellon University
- 12:05pm The Impact of Information Security Ratings on Vendor Competition
Lunch (12:45pm - 2pm)
Keynote 4: Strategy and Budgeting in Practice - Art or Science? (2:00pm - 2:45pm)
Speaker: Robert Coles, Merrill Lynch
Session Chair: David Pymm, Hewlett-Packard LaboratoriesSession 8: Cyber-insurance (2:45pm - 3:35pm)
Session Chair: Rainer Boehme, TU Dresden- 2:45pm Competitive Cyber-Insurance and Internet Security
- Nikhil Shetty, UC Berkeley
- Galina Schwartz, UC Berkeley
- Mark Felegyhazi, ICSI Berkeley
- Jean Walrand, UC Berkeley
- 3:15pm Potential Rating Indicators for Cyberinsurance: An Exploratory Qualitative Study
- Frank Innerhofer-Oberperfler, Research Group Quality Engineering, Institute of Computer Science, University of Innsbruck
- Ruth Breu, Research Group Quality Engineering, Institute of Computer Science, University of Innsbruck
- 2:45pm Competitive Cyber-Insurance and Internet Security
Break (3:35 - 4:00pm)
Session 9: Modelling security dynamics (4:00pm - 5:10pm)
Session Chair: Bruce Schneier, BT Counterpane- 4:00pm Economics of Malware: Epidemic Risks Model, Network Externalities and Incentives
- Marc LeLarge, INRIA-ENS
- 4:30pm Modeling the economic incentives of DDoS attacks: femtocell case study
- Vicente Segura, Telefónica I+D
- Javier Lahuerta, Telefónica I+D
- 4:50pm Modelling the Security Ecosystem- The Dynamics of (In)Security
- Stefan Frei, ETH Zurich
- Dominik Schatzmann, ETH Zurich
- Bernhard Plattner, ETH Zurich
- Brian Trammell, Hitachi Europe
- 4:00pm Economics of Malware: Epidemic Risks Model, Network Externalities and Incentives
Rump Session (5:15pm - 6:30pm)