Prospectus for Economics of Information Security

L Jean Camp

Informatics Rm 200

1:00 - 2:15 pm MW
I 105

List and links to readings for each day

The course will use the tools of economics to better understand computer security. This is not a course in economics research in that no new tools will be discovered and no new ground will be broken in economic theory. The understanding of economics required for this course is modest, and a strong mathematical background with no economics will certainly suffice. There is no textbook. The course will be based on a series of research papers, primarily drawn for the series of Workshops on Economics of Information Security.


There are two methods for obtaining credit for this class for doctoral studies. Those in security can take the course for depth credit. This will require a completed research paper. Those in the PhD program who are taking the course for breadth credit are required to do weekly readings.

For masters students in any program, taking this as an elective or required course, the choice of a paper or a weekly summary will be made based on your interests. The grading standards will not be as strigent as for the doctoral students in either case.


25% class participation in class and on oncourse
75% For Breadth Credit
weekly essays
due every Friday
35% For Depth Credit
midterm draft
due as scheduled
40% For Depth Credit
final paper
due as scheduled


Possible Publication Venues

Trust 2009 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK, April 6-8, 2009. Submissions November 2, 2008.
For more information, please see

SP 2009 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA, May 17-20, 2009. (Submissions due 10 November 2008)

IDtrust 2009 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA, April 14-16, 2009. (Submissions due 17 November 2008)

IFIP-CIP 2009 Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 22-25, 2009. For more information, please see Submissions December 31, 2008.

USENIX '09: 2009 USENIX Annual Technical Conference, June 14-19, 2009, San Diego, CA, Paper submissions due: January 9, 2009

IPTPS '09: 8th International Workshop on Peer-to-Peer Systems, Submissions due: January 9, 2009,

USENIX Security '09: 18th USENIX Security Symposium, Paper submissions due: February 4, 2009 August 10-14, 2009, Montreal, Canada


The class is assumes no background in economics, and therefore must begin with some very basic economics. After this it is divided into major topics, with sessions organized under those themes.

Economics Intro

These first sessions will provide the minimal microeconomics necessary to understand the remainder of the term. Concepts of utility and optimization are introduced.


Spam is an economic problem with technical symptoms. How charging for spam is possible in the technical sense, and why it won't work in the real world.

Economic of Vulnerabilities

One of the most hotly contested issues in security economics is the disclosure of vulnerabilities. Should there be a market for disclosure? If so, in what form?

Pricing Intrusion and Return on Security Investment

If there is an intrusion avoided or a recovery from intrusion the question of cost can be hotly contested. How to begin to balance and argue those costs is the issue in these sessions.

Economics of Privacy

Privacy, like security, is the control of information. The economics of privacy can explain some otherwise arbitrary consumer behavior.

The Social Side of Security

The course ends with a consideration of the social implications of security.