home · mobile · calendar · colloquia · 2009-2010 · 

Colloquium - Großklags

Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types
Princeton University

Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service and spam distribution continue to spread unabated.

Users may struggle to respond vigorously because the effectiveness of security decisions is subject to strong interdependencies in a network, and different types of threats. In this talk, Jens addresses this complexity by analyzing investment decision-making in a unified framework of established (i.e., weakest-link, best-shot, and total effort) and novel games (e.g., weakest-target).

He examines how incentives between investment opportunities in a cooperative good (protection) and a private good (self-insurance), subject to factors such as network size, type of attack, loss probability, loss magnitude, and cost of technology. The findings highlight circumstances where poorly aligned incentives lead to security failures, and how interventions may be helpful.

Jens Großklags is a Postdoctoral Research Associate at the Center for Information Technology Policy and a Lecturer of Computer Science at Princeton University. He is working on problems concerning information privacy, security, and the implications of interdependent systems on society. He was invited to testify before the Federal Trade Commission to inform policymakers about users' online practices. Further, he acted as an invited expert on cyber-economics at the 2009 Cyber Leap Year Summit facilitated by the White House Office of Science and Technology Policy. Prior to joining Princeton, Jens conducted his PhD research at the School of Information, and Masters studies at the Department of Computer Science (both University of California, Berkeley).

Department of Computer Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
May 5, 2012 (14:13)