The WEIS 2017 program consists of invited speakers and the presentation of research papers. The papers have been selected in a rigorous, peer-review process by an international program committee. All workshop sessions will take place in 1N108 on the ground floor of Wells Fargo Hall. WEIS is being live blogged by Ross Anderson.

Sunday, June 25, 2017
5:00-8:00pm Welcome Reception at Rady School of Management
Please join us for drinks and hors d’oeuvres in the Sky Pavilion on the 5th floor of Wells Fargo Hall.


Monday, June 26, 2017
8:00-9:00am Light Breakfast
Meals will be served in Multi Purpose Room 1 (MPR 1) on the ground floor of Otterson Hall
9:00-9:10am Welcome Remarks
9:10-10:50am Session: Security Investment and Performance
Chairs: Ross Anderson

When to Invest in Security? Empirical Evidence and a Game-Theoretic Approach for Time-Based Security [slides]
Sadegh Farhang & Jens Grossklags

Inferring Security Performance of Providers from Noisy and Heterogenous Abuse Datasets
Arman Noroozian, Michael Ciere, Maciej Korczynski, Samaneh Tajalizadehkhoob & Michel van Eeten

The effect of competition intensity on software security – An empirical analysis of security patch release on the web browser market [slides]
Arrah-Marie Jo

The Effects of Security Management on Security Events
Frank Nagle, Sam Ransbotham & George Westerman

10:50-11:20am Coffee Break
11:20-12:35pm Government Perspectives
Chair: L. Jean Camp

Cost of a Cyber Incident
Olga Livingston, Matthew Shabat & Tony Cheesebrough (DHS)

Privacy and Data Security: An Economic Perspective of Consumer Protection
Andrew Stivers & Ginger Jin (FTC)

R&D Strategy for the Cyber Risk Economics (CYRIE) program, Cyber Security Division of DHS
Erin Kenneally (DHS)

12:35-1:45pm Lunch
Meals will be served in MPR 1 on the ground floor of Otterson Hall
1:45-3:25pm Session: Impact on Businesses and Exchanges
Chair: Dmitry Zhdanov

An Analysis of Pay-per-Install Economics Using Entity Graphs [slides]
Platon Kotzias & Juan Caballero

Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service [slides]
Ryan Brunt, Prakhar Pandey & Damon McCoy

Price Manipulation in the Bitcoin Ecosystem [slides]
Neil Gandal, Jt Hamrick, Tyler Moore & Tali Oberman

Impact of Security Events and Fraudulent Transactions on Customer Loyalty: A Field Study
Sriram Somanchi & Rahul Telang

3:25-3:55pm Coffee Break
3:55-5:35pm Session: Vulnerabilities
Chair: Milton Mueller

Sometimes Three Rights Really Do Make a Wrong: Measuring Cybersecurity and Simpson’s Paradox [slides]
Eric Jardine

The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures
Luca Allodi, Fabio Massacci & Julian Williams

Make Notifications Great Again: Learning How to Notify in the Age of Large-Scale Vulnerability Scanning
Orcun Cetin, Carlos Gañán, Maciej Korczyński & Michel van Eeten

Standardisation and Certification of the `Internet of Things’ [slides]
Eireann Leverett, Richard Clayton & Ross Anderson

6:00-10:00pm Social Event & Workshop Dinner
Birch Aquarium and Scripps Institution of Oceanography
Buses will leave from Rady at 5:45pm
Buses will return at 9:15pm, 9:30pm, 9:45pm and 10:00pm


Tuesday, June 27, 2017
8:00-9:00am Light Breakfast
Meals will be served in MPR 1 on the ground floor of Otterson Hall
9:00-10:40am Session: Security/Data Breaches
Chair: Kanta Matsuura

Security Breaches in the U.S. Federal Government
Min-Seok Pang & Huseyin Tanriverdi

Do Hospital Data Breaches Reduce Patient Care Quality? [slides]
Sung Choi & M. Eric Johnson

Do Organizations Learn from a Data Breach?
Joseph Buckman, Jesse Bockstedt, Matthew Hashim & Tiemen Woutersen

Estimating the size of the iceberg from its tip
Fabio Bisogni, Hadi Asghari & Michel van Eeten

10:40-11:10am Coffee Break
11:10-12:10pm Keynote Address
Andrew Serwin
Global Co-chair of Morrison & Foerster’s Privacy + Data Security group

Mr. Serwin is widely-regarded as one of the nation’s premier privacy and data security lawyers. He advises a number of Fortune 500 and emerging companies alike, with a particular emphasis on: international compliance; health privacy; mobile; behavioral advertising; the Electronic Communications Privacy Act and wiretap issues; electronic marketing concerns; social media; and compliance with FTC requirements. Mr. Serwin also handles some of the highest-profile data security incidents and privacy enforcement and litigation matters in the world. [Read more]

12:10-1:20pm Lunch
Meals will be served in MPR 1 on the ground floor of Otterson Hall
1:20-2:35pm Session: Privacy
Chair: Serge Egelman

Privacy and Quality [slides]
Yassine Lefouilli & Ying Lei Toh

An Empirical Investigation of the Antecedents and Consequences of Privacy Uncertainty in the Context of Mobile Apps
Usman Aleem, Hasan Cavusoglu & Izak Benbasat

Online Distractions, Website Blockers, and Economic Productivity: A Randomized Field Experiment
Veronica Marotta & Alessandro Acquisti

2:35-3:05pm Coffee Break
3:05-4:20pm Session: Cyber Insurance
Chair: Rainer Böhme

Content Analysis of Cyber Insurance Policies: How do carriers develop policies and price cyber risk? [slides]
Sasha Romanosky, Lillian Ablon, Andreas Kuehn & Therese Jones

Attack-Aware Cyber Insurance of Interdependent Computer Networks [slides]
Rui Zhang & Quanyan Zhu

Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries
Fabio Massacci, Joe Swierzbinski & Julian Williams

4:20-5:45pm Rump Session
Chair: Tyler Moore