Smith Professors Help Organize Workshop on Economics and Information Security (WEIS) at University of Cambridge

For several years an international group of researchers interested in the intersection of economics and information security have been holding a Workshop on Economics and Information Security (WEIS). The Fifth Workshop (June 26-28, 2006) was held at the University of Cambridge, UK, and close to 100 people (a combination of academician and practitioners) attended. The previous four workshops were held at the following universities: Harvard (2005), Minnesota (2004), Maryland (2003), and UC-Berkeley (2002). Drs. Lawrence A. Gordon and Martin P. Loeb, both professors in the Smith School's Accounting and Information Assurance department, are founding program committee members of WEIS and have played a pivotal role in helping to organize all five of the workshops held to date. Gordon and Loeb have also actively participated in all of the workshops. Papers at the 2006 Workshop covered such topics as the use of cyber insurance, the cost of privacy breaches, the economics of software security patching, and optimal investment in information security. Numerous papers on the latter topic revolved around the "Gordon-Loeb Model" for information security investments [see Gordon, L. A. and M. P. Loeb, "The Economics of Information Security Investment," ACM Transactions on Information and System Security, (November 2002), pp. 438-457].

According to Gordon, "WEIS provides a forum for discussion on issues of major importance to individuals interested in the use of economics to examine cyber and national security issues. Indeed, it is rapidly becoming apparent that the economics surrounding the management of resources is central to these issues." Gordon and Loeb are also the authors of Managing Cybersecurity Resources: A Cost-Benefit Analysis.