The Fifth Workshop on the Economics of Information Security (WEIS 2006)

Robinson College, University of Cambridge, England

26-28 June 2006

Sunday June 25

Punting on the Cam, afternoon (time TBD)

Monday June 26

Registration 0800-845, Robinson College

Session 1 0900-1030

Models and Measures for Correlation in Cyber-Insurance (paper)
Rainer Boehme and Gaurav Kataria

The Effect of Stock Spam on Financial Markets (paper)
Rainer Boehme and Thorsten Holz

The Economics of Digital Forensics (paper)
Tyler Moore

1030-1100: Tea

Session 2 1100-1230

Understanding and Influencing Attackers' Decisions: Implications for Security Investment Strategies (paper)
Marco Cremonini and Dmitri Nizovtsev

On the Gordon & Loeb Model for Information Security Investment (paper)
Jan Willemson

Economics of Information Security Investment in the Case of Simultaneous Attacks (paper)
C. Derrick Huang, Qing Hu and Ravi S. Behara

Session 3 1400-1530

Enterprise Information Security: Who Should Manage it and How? (paper)
Vineet Kumar, Rahul Telang and Tridas Mukhopadhyay

Hackers, Users, Information Security (paper)
I.P.L. Png, Candy Q. Tang and Qiu-Hong Wang

A Model for Opportunistic Network Exploits: The Case of P2P Worms (paper)
Michael Collins, Carrie Gates and Gaurav Kataria

1530-1600 Coffee

Session 4 1600-1730

Predictors of Home-Based Wireless Security (paper)
Matthew Hottell, Drew Carter and Matthew Deniszczuk

Proof of Work can Work (paper)
Debin Liu and L Jean Camp

The Topology of Covert Conflict (paper)
Shishir Nagaraja and Ross Anderson

1730-1830 Drinks Reception, Robinson College

Tuesday June 27

Session 1 0900-1030

Costs to the U.S. Economy of Information Infrastructure Failures: Estimates from Field Studies and Economic Data (paper)
Scott Dynes, Eva Andrijicic and M Eric Johnson

The Potential for Underinvestment in Internet Security: Implications for Regulatory Policy (paper)
Alfredo Garcia and Barry Horowitz

Bootstrapping the Adoption of Internet Security Protocols (paper)
Andy Ozment and Stuart E. Schechter

1030-1100: Tea

Session 2 1100-1230

The Economic Impact of Regulatory Information Disclosure on Information Security Investments, Competition, and Social Welfare (paper)
Anindya Ghose and Uday Rajan

Opt In Versus Opt Out: A Free-Entry Analysis of Privacy Policies (paper)
Jan Bouckaert and Hans Degryse

Reliable, Usable Signaling to Defeat Masquerade Attacks (paper)
L Jean Camp

Session 3 1400-1530

Economics of Security Patch Management (paper)
Huseyin Cavusoglu, Hasan Cavusoglu and Jun Zhang

Emerging Economic Models for Vulnerability Research (paper)
Michael Sutton and Frank Nagle

Competitive and Strategic Effects in the Timing of Patch Release (paper)
Ashish Arora, Christopher M. Forman, Anand Nandkumar and Rahul Telang

1530-1600 Coffee

Session 4 1600-1730

Private Sector Cyber Security Investment: An Empirical Analysis (paper)
Brent R. Rowe and Michael P. Gallaher

An Empirical Analysis of Security Investment in Countermeasures Based on an Enterprise Survey in Japan (paper)
Wei Liu, Hideyuki Tanaka and Kanta Matsuura

Justifying Spam and E-mail Virus Security Investments: A Case Study (paper)
Hemantha Herath and Tejaswini Herath

1730-1830 Rump Session

2000 Workshop banquet, St John's College

Wednesday June 28

Session 1 0900-1030

The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications (paper)
George Danezis and Bettina Wittneben

Is There a Cost to Privacy Breaches? An Event Study (paper)
Alessandro Acquisti, Allan Friedman and Rahul Telang

Financial Privacy for Free? US Consumers' Response to FACTA (paper)
Alessandro Acquisti and Bin Zhang

1030-1100: Tea

Session 2 1100-1230

Anonymity Loves Company: Usability and the Network Effect (paper)
Roger Dingledine and Nick Mathewson

Collaborative Scheduling: Threats and Promises (paper)
Rachel Greenstadt and Michael D. Smith

Adverse Selection in Online 'Trust' Certifications (paper)
Benjamin Edelman

Close of workshop

PET opening session 1400

The Sixth Workshop on Privacy-Enhancing Technologies begins at Robinson College immediately following WEIS. WEIS participants are invited to attend the Wednesday afternoon PET session free of charge. Click here for more information.

WEIS 2006 is sponsored by the Institute for Information Infrastructure Protection (I3P), Microsoft Research and the Foundation for Information Policy Research.

For more information, please contact Website maintained by Tyler.Moore at