2nd Annual Workshop
“Economics and Information Security”

May 29-30, 2003

Robert H. Smith School of Business
Center for Public Policy and Private Enterprise

University of Maryland

 

 

“2nd Annual Workshop on
Economics and Information Security”

 

Robert H. Smith School of Business
University of Maryland
1412 Van Munching Hall
Rouse Room
College Park, MD 20742

May 29-30, 2003

Agenda

Thursday, May 29th
8:00A - 9:00A Continental Breakfast
9:00A - 9:10A Opening Remarks
9:10A - 10:30A Session 1 - Trusted Computing and DRM
Chair - Ross Anderson, University of Cambridge
-
Cryptology and Competition Policy-Issues with 'Trusted Computing
Ross Anderson, Cambridge University
-
How Much is Stronger DRM Worth?
Stephen R. Lewis, University of Cambridge
-
Trusted Computing, Peer-to-Peer Distribution, and the Economics of Pirated Entertainment
Stuart E. Schecter, Harvard University
Rachel A. Greenstadt, Harvard University
Michael D. Smith, Harvard University
10:30A - 11:00A Morning Break
11:00A - 12:00P Session 2 - Security Intrusion
Chair - Bruce Schneier, Counterpane Internet Security
-

Quantifying the Value of IT Security Mechanisms and Setting Up an
Effective Security Architecture

Huseyin Cavusoglu, University of Texas at Dallas
Srinivasan Raghunathan, University of Texas at Dallas
Birendra Mishra, University of Texas at Dallas

-
Evaluating Damages Caused By Information Systems Security Incidents
Fariborz Farahmand, Georgia Institute of Technology
Shamkant B. Navathe, Georgia Institute of Technology
Gunter P. Sharp, Georgia Institute of Technology
Philip H. Enslow, Georgia Institute of Technology
12:00P - 1:30P

Lunch and Luncheon Speaker
Mainanne Emerson, Federal Reserve Board

Session 3 - Privacy Policies
Chair - Hal Varian, University of California, Berkeley
-
The Paradoxical Value of Privacy
Paul Syverson, Naval Research Laboratory
-
Why We Can't be Bothered to Read Privacy Policies Models of Privacy
Economics as a Lemons Market

Tony Vila, Harvard University
Rachel Greenstadt, Harvard University
David Molnar, Harvard University
       
   
-

Paying for Privacy: Consumers and Infrastructures
Adam Shostack, Informed Security

   
3:10P - 3:30P Afternoon Break
3:30P - 4:45P Session 4- Round Table Discussion on Options & Security
Chair - Andrew M. Odlyzko, University of Minnesota
-
Hal Varian, University of California at Berkeley
-
Lawrence Gordon, University of Maryland
       
4:45P - 5:30P Refreshments
6:30P - 8:00P Dinner
Friday, May 30th    
8:00A - 9:00A Continental Breakfast
9:00A -10:00A

Session 5 -Guest Speaker
John Manferdelli, Microsoft Corporation

10:00A - 10:30A Morning Break
10:30A - 12:00P Session 6 - Alternative Approaches to Security Processes
    Chair - L. Jean Camp, Harvard University
   
-
Losses, Gains, and Hyperbolic Discounting: An Experimental Approach to Information Security Attitudes and Behaviors
Alessandro Acquisti, University of California, Berkeley
Jens Grossklags, University of California, Berkeley
       
   
-
Making Security Manifest
Allan Friedman, Harvard University
L. Jean Camp, Harvard University
   
 
   
-
Evaluating Security Systems: A Five-Step Process
Bruce Schneier, Counterpane Internet Security
       
12:00P - 1:30P Lunch and Luncheon Speaker
Dean Howard Frank, University of Maryland
1:30P - 2:15P Session 7 - Asymetric Information Aspects of Information Security
    Chair - William Lucyshyn, Defense Advanced Research Projects Agency
and University of Maryland
   
-
The Economic Consequences of Sharing Security Information
Esther Gal-Or, University of Pittsburgh
Anindya Ghose, Carnegie Mellon University
   
 
   
-
Economic Aspects of Controlling Capital Investments in Cyberspace
Security for Critical Infrastructure Assets

Lawrence A. Gordon, University of Maryland
Martin P. Loeb, University of Maryland
William Lucyshyn Defense Advanced Research Projects Agency
and University of Maryland
   
 
   
-
Interfering in e-Contracting
Patrick Legros, Université Libre de Burxelles
Andrew F. Newman, Institute for Advanced Study, Princeton University
and University College London
 
2:50P - 3:10P Afternoon Break
  3:10P - 4:30P Session 8 - Practical Cases and Problems
       
Chair - Martin Loeb, University of Maryland
-
Security and Lock-In: The Case of the U.S. Cable Industry
Tom Lookabaugh, University of Colorado
Douglas C. Sicker, University of Colorado
-
We Want Security But We Hate It. The Foundations of Security Technoeconomics in the Social World
Mauro Sandrini, Teramo University
       
   
-
How and Why a More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH
Nicholas Rosasco University of Maryland, Baltimore County
David Larochelle, University of Virginia
       
  4:30P - 5:30P   Refreshments