Ebook: Economics of Information Security and Privacy III

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. Current contributions build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. Economics of Information Security and Privacy III addresses the following questions: how should information risk be modeled given the constraints of rare incidence and high interdependence; how do individuals' and organizations' perceptions of privacy and security color their decision making; how can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?

---

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. Current contributions build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. Economics of Information Security and Privacy III addresses the following questions: how should information risk be modeled given the constraints of rare incidence and high interdependence; how do individuals' and organizations' perceptions of privacy and security color their decision making; how can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?

---

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. Current contributions build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. Economics of Information Security and Privacy III addresses the following questions: how should information risk be modeled given the constraints of rare incidence and high interdependence; how do individuals' and organizations' perceptions of privacy and security color their decision making; how can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?
Content:
Front Matter....Pages i-x
The Impact of Immediate Disclosure on Attack Diffusion and Volume....Pages 1-12
Where Do All the Attacks Go?....Pages 13-33
Sex, Lies and Cyber-Crime Surveys....Pages 35-53
The Underground Economy of Fake Antivirus Software....Pages 55-78
The Inconvenient Truth About Web Certificates....Pages 79-117
Resilience of the Internet Interconnection Ecosystem....Pages 119-148
Modeling Internet-Scale Policies for Cleaning up Malware....Pages 149-170
Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach....Pages 171-191
Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?....Pages 193-212
Economic Methods and Decision Making by Security Professionals....Pages 213-238
Real Name Verification Law on the Internet: A Poison or Cure for Privacy?....Pages 239-261
The Privacy Landscape: Product Differentiation on Data Collection....Pages 263-283

---

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. Current contributions build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. Economics of Information Security and Privacy III addresses the following questions: how should information risk be modeled given the constraints of rare incidence and high interdependence; how do individuals' and organizations' perceptions of privacy and security color their decision making; how can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?
Content:
Front Matter....Pages i-x
The Impact of Immediate Disclosure on Attack Diffusion and Volume....Pages 1-12
Where Do All the Attacks Go?....Pages 13-33
Sex, Lies and Cyber-Crime Surveys....Pages 35-53
The Underground Economy of Fake Antivirus Software....Pages 55-78
The Inconvenient Truth About Web Certificates....Pages 79-117
Resilience of the Internet Interconnection Ecosystem....Pages 119-148
Modeling Internet-Scale Policies for Cleaning up Malware....Pages 149-170
Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach....Pages 171-191
Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?....Pages 193-212
Economic Methods and Decision Making by Security Professionals....Pages 213-238
Real Name Verification Law on the Internet: A Poison or Cure for Privacy?....Pages 239-261
The Privacy Landscape: Product Differentiation on Data Collection....Pages 263-283
....