The Workshop on the Economics of Securing the Information Infrastructure
http://wesii.econinfosec.org/
October 23-24, 2006
Washington, DC
PRELIMINARY PROGRAM & CALL FOR PARTICIPATION
...
9:00AM Panel - Economic Barriers and Incentives for DNSSEC Deployment
11:00AM Session 1
* Comparing the Costs of Public Key Authentication Infrastructures
* Economics of Internet Security Outsourcing: Simulation Results Based on the Schneier Model
* The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market
1:30PM Panel - Data Sources: Should we answer questions for which data is available, can we get more data, or can we do without?
3:30PM Session 2
* Toward A Dynamic Modeling Of The Vulnerability Black Market
* Toward One Strong National Breach Disclosure Law - Justification and Requirements
* Using Self-interest to Prevent Malice; Fixing the Denial of Service Flaw of the Internet
9:00AM Session 3
* A Closer Look at Attack Clustering
* Predictive Modelling for Security Operations Economics
* Assessing Trusted Network Access Control Cost-Benefit Factors
11:00AM Session 4
* The Statistical Value of Information
* On the Economic Placement of Monitors in Router Level Network Topologies
1:00PM Work-in-Progress (WIP) Session
* Economic Interpretation and a Simulation Exercise for Exploring Corporate Investments in Cyber Security
* Securing Our Data Storage Infrastructures
* A Neo-institutional Perspective on Cyber Attacks
* Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work
* Securing the Process of Insurance Application
* Evaluation of Information Security Investment Portfolios: A Probabilistic Approach
* Direct measurement of spam zombie activity in a residential broadband network
========================================================================
Hotel & Registration
========================================================================
*The WESII Hotel Reservation Deadline is September 20*
*Registration is now open*
========================================================================
Preliminary Program
========================================================================
For updates, see
Monday, October 23, 2006
9:00AM Panel
Economic Barriers and Incentives for DNSSEC Deployment
Moderator: Andy Ozment
Panelists: Sam Weiler, Steve Crocker, and more TBA
11:00AM Session 1
* Comparing the Costs of Public Key Authentication Infrastructures
Patroklos Argyroudis (University of Dublin, Trinity College)
Robert McAdoo (University of Dublin, Trinity College)
Donal O'Mahony (University of Dublin, Trinity College)
* Economics of Internet Security Outsourcing: Simulation Results Based on the Schneier Model
William Yurcik (University of Illinois)
Wen Ding (University of Illinois)
* The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market
Masaki Ishiguro (Mitsubishi Research Institute)
Hideyuki Tanaka (The Graduate School of Interdisciplinary Information Studies)
Kanta Matsuura (Institute of Industrial Science, University of Tokyo)
Ichiro Murase (Mitsubishi Research Institute)
1:30PM Panel
Data Sources: Should we answer questions for which data is available, can we get more data, or can we do without?
Moderator: Allan Friedman
Panelists: TBA
3:30PM Session 2
* Toward A Dynamic Modeling Of The Vulnerability Black Market
Jaziar Radianti (Agder University College)
Jose J. Gonzalez (Agder University College)
* Toward One Strong National Breach Disclosure Law - Justification and Requirements
William Yurcik (University of Illinois)
Ragib Hasan (University of Illinois at Urbana-Champaign)
* Using Self-interest to Prevent Malice; Fixing the Denial of Service Flaw of the Internet
Bob Briscoe (BT & UCL)
Tuesday, October 24, 2006
9:00AM Session 3
* A Closer Look at Attack Clustering
Rainer Böhme (TU Dresden)
Gaurav Kataria (Carnegie Mellon University)
* Predictive Modelling for Security Operations Economics
Mike Yearworth (HP Labs)
Brian Monahan (HP Labs)
David Pym (HP Labs)
* Assessing Trusted Network Access Control Cost-Benefit Factors
Susmit Panjwani (Deviant Intelligence LLC)
Stephanie Tan (IBM)
11:00AM Session 4
* The Statistical Value of Information
Luther Martin (Voltage Security)
* On the Economic Placement of Monitors in Router Level Network Topologies
Yongping Tang (Iowa State University)
Thomas E. Daniels (Iowa State University)
1:00PM Work-in-Progress (WIP) Session
* Economic Interpretation and a Simulation Exercise for Exploring Corporate Investments in Cyber Security
Jonathan Crawford (University of Virginia)
Kenneth G. Crowther (University of Virginia)
Barry Horowitz (University of Virginia)
James Lambert (University of Virginia)
* Securing Our Data Storage Infrastructures
Bob Mungamuru (Stanford University)
Hector Garcia-Molina (Stanford University)
* A Neo-institutional Perspective on Cyber Attacks
Nir Kshetri (University of North Carolina--Greensboro)
* Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work
Ragib Hasan (University of Illinois at Urbana-Champaign)
William Yurcik (University of Illinois)
* Securing the Process of Insurance Application
Vincent Wolff-Marting (University of Leipzig)
André Köhler (University of Leipzig)
Volker Gruhn (University of Leipzig)
* Evaluation of Information Security Investment Portfolios: A Probabilistic Approach
Tae-Sung Kim (Chungbuk National University)
Chandrasekhar Subramaniam (UNC Charlotte)
Sungjune Park (UNC Charlotte)
Ram Kumar (UNC Charlotte)
* Direct measurement of spam zombie activity in a residential broadband network
Geoff Bennett (StreamShield)
Brian Webb (BT Retail)
========================================================================
Program Committee
========================================================================
Alessandro Acquisti      Carnegie Mellon University
                         Heinz School of Public Policy & Management
Ross Anderson            University of Cambridge
Jean Camp                Indiana University
Huseyin Cavusoglu        University of Texas at Dallas
Richard Clayton          University of Cambridge
Steve Crocker            Shinkuro / DNSSEC Deployment Working Group
Ben Edelman              Harvard University Department of Economics
Allan Friedman           Harvard University
                         Kennedy School of Government
Adam M. Golodner         Cisco Systems
Larry Gordon             University of Maryland
                         Smith School of Business
Yacov Haimes             University of Virginia
Cathy Handley            U.S. Department of Commerce, National
                         Telecommunications & Information Administration
Barry Horowitz           University of Virginia
Richard Hovey            U.S. Federal Communications Commission (FCC)
Jeff Hunker              Carnegie Mellon University
                         Heinz School of Public Policy & Management
M. Eric Johnson          The Tuck School of Business at Dartmouth College
Jeffrey M. Kopchik       U.S. Federal Deposit Insurance Corporation (FDIC)
                         Technology Supervision Branch
Steve Lipner             Microsoft
Marty Loeb               University of Maryland
                         Smith School of Business
Doug Maughan             U.S. Department of Homeland Security (DHS)
                         Science and Technology Directorate
Doug Montgomery          U.S. National Institute of Standards & Technology
                         Internetworking Technologies Group
Milton Mueller           Syracuse University School of Information Studies
Andrew Odlyzko           University of Minnesota
Andy Ozment              MIT Lincoln Laboratory / University of Cambridge
Shari Lawrence Pfleeger  RAND Corporation
Stuart Schechter         MIT Lincoln Laboratory
Bruce Schneier           Counterpane Internet Security
Rahul Telang             Carnegie Mellon University
                         Heinz School of Public Policy & Management
Andrew Wyckoff           Organisation for Economic Cooperation and
                         Development (OECD)
Bill Yurcik              National Center for Supercomputing Applications
                         (NCSA)
========================================================================
Workshop Sponsors
========================================================================
The Institute for Information Infrastructure Protection (I3P)
The Workshop on the Economics of Information Security (WEIS)
slightly related news article:
American National Standards Institute :: Internet Security Alliance and American National Standards Institute Announce New Collaboration for Improving Information Security
http://sev.prnewswire.com/computer-electronics/20060915/NYF02815092006-1.html
recent post mentioning some of the efficiency issues related to armoring transactions with strong authentication as opposed to perpetually having to hide all the information.
http://www.garlic.com/~lynn/aadsm25.htm#25
http://www.garlic.com/~lynn/aadsm25.htm#27
i.e. is information security oriented towards preventing bad things ... or is it oriented towards hiding information as the only mechanism for preventing bad things?
old long winded post on the thread between risk management and information security
http://www.garlic.com/~lynn/aepay3.htm#riskm
and of course earlier entries on naked payments:
https://financialcryptography.com/mt/archives/000745.html
https://financialcryptography.com/mt/archives/000744.html
https://financialcryptography.com/mt/archives/000749.html
older news article
Bank workers biggest ID theft threat
http://deseretnews.com/dn/view/0,1249,600145529,00.html
and old post: Study: ID theft usually an inside job
http://www.garlic.com/~lynn/aadsm17.htm#38
of course a lot of this predates current uptick in phishing ... where getting victim to divulge relatively trivial information like their account number ... can precipitate fraudulent transactions (again, another characteristic of naked transactions).
(long-winded) post discussing catch-22 for the pki domain name certification industry with regards to possible implications of DNSSEC deployment:
http://www.garlic.com/2006f.html#33