Secure, Unsure, or Ignore? Economics of Information Security
Are we investing too little in information security? Are we investing too much? Since Anderson and Varian posed these questions in 2002, much progress has been made in understanding rational decision-making in information security. In this talk, I will discuss the challenges of applying risk management to security, highlight the public goods nature of interdependent security, explore the tradeoffs between protection and insurance, and motivate a new "weakest target" game to investigate the incentive dynamics of botnets and other classes of attacks.
John Chuang is Associate Professor at the School of Information at UC Berkeley. He received a B.S. and M.S. in Electrical Engineering from the University of Southern California and Stanford University, respectively, and a Ph.D. in Engineering and Public Policy from Carnegie Mellon University. His research focuses on economics-informed design of computer networks and distributed systems, including incentive mechanisms for peer-to-peer systems, economics of network security, and economics of network architectures.