INI Faculty Raise Awareness of the Economics of Security

June 08, 2010

INI faculty members Nicolas Christin and Alessandro Acquisti joined fellow leading U.S. researchers and educators at the 2010 Workshop on the Economics of Information Security (WEIS) June 7-8 at Harvard University.

In its ninth year, WEIS has become the primary forum for interdisciplinary discussion on economics and information security, a rapidly growing research field. This year's program built on past workshops to explore how economic solutions can further strengthen security. The two-day conference featured 24 peer-reviewed working papers on subjects ranging from data breaches and organizational security to economic and policy considerations for ISPs, as well as a panel on policy for payment system security.

Christin, Associate Director of the INI and a Systems Scientist at CyLab, and Acquisti, Associate Professor of Information Technology and Public Policy in the Heinz College, were members of the research team for the Please Continue to Hold study, which was presented at WEIS by lead researcher Serge Egelman of Brown University.

This empirical study examined the degree to which users will tolerate security-related delays while performing computer tasks. The team split 800 participants into eight different conditions, differentiated by the amount of delays incurred and the reason given for them. They found that users are more likely to cheat or discard their task when delayed for an unknown or vague security reason. However, users will tolerate a specified security delay (such as virus-scanning) when given a valid explanation for that delay. Christin, Acquisti, and their team members hope to expand the Please Continue to Hold study into a larger project that further investigates user behavior and information security.

"This set of findings validates that people are much more likely to accept delays and potential inconvenience linked to security when the explanation for the delay is made clearer. In other words, just saying you are being inconvenienced for vague security reasons does not help at all," Christin said. "On the other hand, telling people explicitly what these mysterious security reasons are would go a long way toward making people accept them."

Christin's other research interests on the economics of network security include understanding the economic choices people and businesses make regarding information security and finding economic ways to improve security problems, among other topics. Acquisti's primary interest in the area of overlap between economics, society, and information technology has led to extensive research examining the economics of privacy and information security, as well as the economics of computers and artificial intelligence, computational economics, and ecommerce, among others.

With the INI and Carnegie Mellon at the forefront of research into the economics of information security, both Christin and Acquisti were able to lend their expertise at WEIS and will continue to raise awareness of this growing field.

Pictured above: Nicolas Christin