Information security and privacy continue to grow in importance, as threats proliferate, privacy erodes, and attackers find new sources of value. Yet the security of information systems and the privacy offered by them depends on more than just technology. Each requires an understanding of the incentives and trade-offs inherent to the behavior of people and organizations. As society’s dependence on information technology has deepened, policy-makers have taken notice. Now more than ever, careful research is needed to characterize accurately threats and countermeasures, in both the public and private sectors.
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. The 2017 workshop will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions.