IS290-18 Economics of Network Security and Privacy

Network security and privacy depends not only on technological, but also economic, behavioral, and legal factors. This course will draw upon analytical and empirical studies from economics, computer science, and public policy to shed light on the role played by incentives and rationality on the adoption and effectiveness of security mechanisms, and on the design of technical, market-based, and regulatory solutions to different security threats. Topics include: economics of spam, phishing, and other security exploits; economics of privacy; incentives, rationality, and security decision making; market insurance for security and privacy; and design principles for network and system security.

Schedule and Readings

Administrivia

CCN: 42646 (3 units)
Instructors: John Chuang (SH303A, chuang@ischool), Jens Grossklags (PhD Lounge, jensg@ischool)
Class Meetings: Tuesday 10:30am-1:30pm in 107 South Hall
Office Hours (John): Wednesdays 3-4pm and by appointment (SH303A, chuang@ischool)
Office Hours (Jens): Tuesday 1:30-2:30pm and by appointment (PhD Lounge, jensg@ischool)
Electronic Communications

Unmoderated mailing list: "esp@ischool" (Subscribe by sending email to "majordomo@ischool" with "subscribe esp" as first line of message body.)

Course Organization and Deliverables
Class meetings will be organized in a mixture of lecture, and guest speakers, and discussion formats. It is the responsibility of each student to complete the assigned readings before each meeting, and to contribute actively in class. Students are also encouraged to use the class mailing list to share research papers, points of discussion and recent events relevant to the class.

Grading components:

Conferences/Workshops of Interest:
Workshop on Economics and Information Security (WEIS) 2008, 2007, 2006, 2005, 2004, 2003, 2002
Workshop on Information Systems and Economics (WISE) 2007 2006 2005, 2004, 2002
ACM Workshop on Practice and Theory of Incentives and Game Theory in Networked Systems (PINS) 2004
I3P Workshop on the Economics of Securing the Information Infrastructure 2006
Workshop on the Economics of Networked Systems (Netecon) 2008 2007, 2006
Workshop on the Economics of P2P Systems (P2Pecon) 2005, 2004, 2003
ACM Conference on Electronic Commerce (EC) 2008, 2007, 2006, 2005, 2004, 2003
IEEE Conference on E-Commerce Technology (CEC) 2005, 2004
NYU Summer Workshop on the Economics of Information Technology 2005
International Workshop on Incentive Based Computing (IBC) 2005
Workshop on Internet and Network Economics (WINE) 2005
Telecommunications Policy Research Conference (TPRC)
NET Institute Conference on Network Economics 2007, 2008
Overview readings:

Why Information Security is Hard -- An Economic Perspective.
Ross Anderson
Annual Computer Security Applications Conference (ACSAC 2001)
http://www.acsac.org/2001/papers/110.pdf

Economic Aspects of Personal Privacy.
Hal R. Varian
Privacy and Self-Regulation in the Information Age (report issued by the NTIA)
http://www.ischool.berkeley.edu/~hal/Papers/privacy/

The State of Economics of Information Security
L. Jean Camp
I/S: A Journal of Law and Policy in the Information Society, Volume 2, Number 2
http://www.is-journal.org/V02I02/2ISJLP189-Camp.pdf

Economics of Privacy
Kai-Lung Hui and Ivan P.L. Png
Handbooks in Information Systems, Volume 1 (Elsevier, 2006)
http://www.comp.nus.edu.sg/~ipng/research/privacy_HISE.pdf

Suggestions for other resources welcome!

Online resources:

Paper repository on the Economics of Privacy (Alessandro Acquisti)
http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm

Bibliography on Human-Computer Interaction, Security and Privacy (Alma Whitten)
http://gaudior.net/alma/biblio.html

Suggestions for other resources welcome!

Last Updated: March 04, 2008 - Jens Grossklags, John Chuang