In a digitized world where massive amounts of patient data can be compromised by a single lost laptop or an individual's identity can be swiped by an online "phishing" expedition, the need for information security is vital. But what is security worth to individuals and companies and what are they willing to pay for it?

Those questions will be the focus of the 2007 Workshop on the Economics of Information Security, a convergence of economists, computer scientists, lawyers and psychologist/behavioral economists June 7-8 at Carnegie Mellon University.

"Discussions of data security often focus on technical solutions," noted Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon's H. John Heinz III School of Public Policy and Management. "But getting people to protect themselves and getting companies and government agencies to implement information security practices often involves economic, behavioral and legal factors over and above the technical issues," added Acquisti, who chairs the workshop's program committee with Rahul Telang, assistant professor of information systems.

An international array of researchers and security experts will present papers on the expanding black and white markets for selling newly discovered vulnerabilities in software, how publicized arrests of hackers can at least temporarily deter attacks on computer networks, and the ways employee use of peer-to-peer networks for sharing music, videos and software can inadvertently compromise a company's databases.

Other papers include an inside look at a computer used to operate a "phishing" site - a Web site designed to look like a legitimate bank or other institutional Web site to trick visitors into revealing account or other personal information - and the techniques used to keep it running. And researchers will report on the first study that found people willing to pay extra to protect their privacy, at least when that privacy protection was visible to them.

The Workshop on the Economics of Information Security is hosted by the Heinz School and Carnegie Mellon CyLab, and supported by Dartmouth University's Institute for Information Infrastructure Protection and by Microsoft. For more information, see http://weis2007.econinfosec.org/.

###

About Carnegie Mellon: Carnegie Mellon is a private research university with a distinctive mix of programs in engineering, computer science, robotics, business, public policy, fine arts and the humanities. More than 10,000 undergraduate and graduate students receive an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration, and innovation. A small student-to-faculty ratio provides an opportunity for close interaction between students and professors. While technology is pervasive on its 144-acre Pittsburgh campus, Carnegie Mellon is also distinctive among leading research universities for the world-renowned programs in its College of Fine Arts. A global university, Carnegie Mellon has campuses in Silicon Valley, Calif., and Qatar, and programs in Asia, Australia and Europe. For more, see http://www.cmu.edu/.

Contact: Byron Spice
Carnegie Mellon University