The 21st Annual Workshop on the Economics of Information Security (WEIS 2022)
The security of information systems and the privacy they offer depends on more than just technology. Both security and privacy require an understanding of the incentives and trade-offs inherent to the behavior of people and organizations. As society’s dependence on information technology has deepened, policy-makers have taken notice. Now more than ever, careful research is needed to characterize accurately threats and countermeasures, in both the public and private sectors.
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. The 2022 workshop will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions.
We encourage economists, computer scientists, legal scholars, business school researchers, security and privacy specialists, as well as industry experts to submit their research and participate by attending the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime (including botnets, ransomware, and underground markets)
- Cyber-risk quantification and cyber-insurance
- Security standards and regulation
- Vulnerability discovery, disclosure, and patching
- Incentives for information sharing and cooperation
- Cyber-security policy
- Economics of privacy and anonymity
- Behavioral security and privacy
- Incentives for and against pervasive monitoring threats
- Cyber-defense strategy
- Geopolitical and international relations aspects of cybersecurity policy, including cyberterrorism
Submitted manuscripts should represent significant and novel research contributions. WEIS has no formal discipline or formatting guidelines. Previous contributors spanned fields from economics and psychology to computer science and law, each with different norms and expectations about manuscript length and formatting.
All manuscripts will have to be submitted in anonymized form for double-blind review. (See https://cacm.acm.org/magazines/2018/6/228027-effectiveness-of-anonymization-in-double-blind-review/abstract for arguments substantiating this requirement.)
To that effect:
- The title page should not contain any author names or affiliations.
- Authors should carefully review figures and appendices (especially survey instruments) to ensure affiliations are not accidentally included.
- When referring to your previous work, do so in the third person, as though it were written by someone else. Only blind the reference itself in the (unusual) case that a third-person reference is infeasible.
- Authors may include links to websites that contain source code, tools, or other supplemental material. Neither the link in the paper nor the website or any of the materials therein may contain the authors’ names and affiliations.
Papers that are not properly anonymized may be rejected without review.
While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc. during the review process.
Papers should be submitted through the submission server.
February 28, 2022 March 7, 2022
Notification of acceptance:
April 15, 2022 April 25, 2022
Final papers due (revisions): May 26, 2022
Workshop dates: June 21-22, 2022