Something Wicked
Defensible Social Architecture in the context of Big Data, Behavioral Econ, Bot Hives, and Bad Actors
allison miller
@selenakyle
a world of firewalls & moats
soylent perimeter is people
scammers
phishing
malware
troll thunderdome
from behavior to tech to behavior

decision science + applied economics
  (behavior, data, analytics, economics, preferences, incentives)

system theory + machine learning = smarter social systems
data rules everything around me
modeling + feedback
driving risk to a chokepoint
decisions have cost
quantified performance
models + feedback
[Diagram: the modeling + feedback loop, in three lanes]
  UX:          Event -> Post-decision UX / Post-Txn Experience
  Platform:    Models* -> Decision Strategy (Score / Policy) -> Verdict -> Response / Post-event actions
  Back Office: Post-event data -> Data aggregates (txn & acct records) -> Model training, testing, & builds (feeds back into Models*)

* speaking ground truth to power
decisions & cost

                 | Authorize                                  | Block
  Good action    | correct                                    | false positive (good action gets blocked)
  Bad action     | false negative (bad action gets through)   | correct
  Downstream impacts
quantified performance
[Chart: three gain curves, y-axis "% Bad is True", x-axis "% Total", each labeled "Gain"]
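Worked example of the decision-cost and quantified-performance ideas above (added here; not code from the talk): a toy "block when score >= threshold" verdict policy evaluated against the ground truth that comes back after the event, with the threshold chosen by how much each error cell costs, and a gain table of the kind the chart shows. Scores, labels and the cost weights are constructed for illustration; a real system would feed the same labels into the next model build as well.

```python
from collections import namedtuple

Event = namedtuple("Event", "score is_bad")

# Constructed sample, not data from the talk: a model score in [0, 1] per
# event and the ground truth that arrived later (chargeback, abuse report, ...).
SAMPLE = (
    [Event(s, True) for s in (0.95, 0.90, 0.85, 0.70, 0.55, 0.35)]
    + [Event(s, False) for s in (0.80, 0.60, 0.50, 0.45, 0.40, 0.30, 0.25,
                                 0.20, 0.15, 0.10, 0.08, 0.05, 0.03, 0.01)]
)


def confusion(events, threshold):
    """Policy 'block when score >= threshold'. Returns (tp, fp, tn, fn)."""
    tp = fp = tn = fn = 0
    for e in events:
        blocked = e.score >= threshold
        if blocked and e.is_bad:
            tp += 1
        elif blocked:
            fp += 1          # good action gets blocked
        elif e.is_bad:
            fn += 1          # bad action gets through
        else:
            tn += 1
    return tp, fp, tn, fn


def decision_cost(events, threshold, fp_cost, fn_cost):
    """Total cost of the two error cells; the correct cells cost nothing here."""
    _, fp, _, fn = confusion(events, threshold)
    return fp * fp_cost + fn * fn_cost


def best_threshold(events, fp_cost, fn_cost):
    """Cut-off with the lowest error cost. Candidates are every observed
    score plus a value above 1.0 (block nothing); ties go to the higher
    cut-off, i.e. fewer blocks."""
    candidates = {e.score for e in events} | {1.01}
    return min(candidates,
               key=lambda t: (decision_cost(events, t, fp_cost, fn_cost), -t))


def gain_table(events, depths):
    """Quantified performance: rank by score, then at each depth (fraction of
    all events actioned) report the share of all bad captured and the share
    of actioned events that really were bad."""
    ranked = sorted(events, key=lambda e: e.score, reverse=True)
    total_bad = sum(e.is_bad for e in ranked)
    rows = []
    for depth in depths:
        k = round(depth * len(ranked))
        caught = sum(e.is_bad for e in ranked[:k])
        rows.append({
            "pct_total": depth,
            "pct_bad_captured": caught / total_bad,
            "pct_bad_is_true": caught / k if k else 0.0,
        })
    return rows


if __name__ == "__main__":
    # Cost weights are assumptions: a blocked good action costs 1 unit of
    # friction / lost revenue, a bad action that gets through costs 10 (or 2).
    for fp_cost, fn_cost in ((1, 10), (1, 2)):
        t = best_threshold(SAMPLE, fp_cost, fn_cost)
        print(f"fp_cost={fp_cost} fn_cost={fn_cost}: block at score >= {t}, "
              f"tp/fp/tn/fn = {confusion(SAMPLE, t)}")
    for row in gain_table(SAMPLE, (0.10, 0.25, 0.50)):
        print(row)
```

The point to notice is that the cut-off moves with the cost ratio, not with the model: the same scores give a much looser block policy when a missed bad action is ten times as expensive as a blocked good one than when it is only twice as expensive.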
modeling + feedback
driving risk to a chokepoint
decisions have cost
quantified performance
preferential treatments
no, YOU’RE irrational
behavioral...
...finance
...economics
...game theory
choice architecture
opinionated design
data devaluation

...competition
framing + anchoring
opinionated design: "are you sure?"
opinionated design: "let's not."
data devaluation

...other system agents
dismal scienceing
Microeconomics
• Model for estimating consumption given individual preferences, under a budget constraint
• Utility maximization
• Preferences: consumption mix
  • Good A vs Good B
  • Labor vs leisure
• Budget constraint

  Positive            | Normative
  What it is          | What it should be
  Descriptions        | Recommendations
Themes of Security Economics
• Security ROI
• Cybercrime supply chains
• Market for Lemons
• Make it more expensive for the attacker
• Tragedy of the Commons
• Risk Tolerance
• Exploit/Vuln markets
• Behavioral Economics / Gamification
Wicked Games
Preferences
Utility
Money
Returns
Competition
Tolerances
Uncertainty
Data
Returns
Adversaries
Policy Analysis
Graph Theory
Dynamic Threat Models
Cyberinsurance
Security Econometrics
Classification
Inferior Goods
Security “CPI”
Incentive Design
Coalitional Game Theory
Toolkit to Consider
Security ROI -> Tradeoff distributions
Security Poverty Line -> Inferior Goods
Information Asymmetries -> Signaling
Repeated Games -> Coalitional Game Theory
Risk management -> Going for V(X) vs E(X)
coalitional game theory
consumption & maturity
signal development
omg risk
(you’ve just been risk-rolled btw)
Concept where theory meets behavior
• Expected value vs expected variance
• A probability distribution gives you both; we tend to focus on E(X)
• Risk aversion is a preference that depends on V(X)
Payoffs
[Slide: example payoff matrices. Strategy / player labels: UP, DOWN, CIRCLE, RED, BLUE, MARIO, LUIGI, KIRBY, GIZMO; payoff pairs 10,3 / 2,10 / 2,5 / -3,3; cells marked A or B]
An example
You have $20k, but a 50/50 chance of losing $10k
• Expected value?
• $15k (i.e. .5($20k) + .5($10k))
Insurance costing $5k will cover the full loss. Should you buy it or not?
• E(X) w/ insurance -> $15k (for sure: $20k minus the $5k premium in both states)
• E(X) w/o insurance -> $15k (but as EITHER $10k or $20k)
A risk-averse individual will opt for the same E(X) with less uncertainty (less risk)
• People seek utility maximization, not payoffs
• Risk, i.e. uncertainty, reduces expected utility even when expected wealth is unchanged
An example...continued
You have $20k, but a 50/50 chance of losing $10k
• E(X) = $15k
You are offered partial insurance costing $2.5k that will cover half of the loss ($5k).
@ No loss: $17.5k ($20k - $2.5k)
@ Loss: $12.5k ($20k - $2.5k - $10k + $5k payout)
• Expected value = $15k (but as EITHER $17.5k or $12.5k)
Risk, i.e. uncertainty, is reduced but there is still a $5k spread between outcomes (standard deviation $2.5k, versus $5k with no insurance and $0 with full cover)
What this looks like
[Chart: utility (y-axis) against wealth (x-axis), concave curve; wealth marked at 12.5, 15 and 17.5; E(V), U(total insurance), U(partial) and U(no insurance) marked on the curve]
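The insurance example above carried through in code (an added example, not from the talk), with expected value, variance and expected utility for the no / partial / full options. The talk does not pick a utility function; log(wealth) is assumed here as one concave, risk-averse choice, and the certainty equivalent is added to turn "prefers less uncertainty" into a number: the most this agent would pay for full cover.

```python
import math


def expected_value(lottery):
    """lottery: list of (probability, wealth) outcomes."""
    return sum(p * w for p, w in lottery)


def variance(lottery):
    mu = expected_value(lottery)
    return sum(p * (w - mu) ** 2 for p, w in lottery)


def expected_utility(lottery, u):
    return sum(p * u(w) for p, w in lottery)


def certainty_equivalent(lottery, u, u_inv):
    """Sure amount the decision-maker values exactly as much as the lottery."""
    return u_inv(expected_utility(lottery, u))


def insured_lottery(wealth, loss, p_loss, premium, coverage):
    """Wealth after a premium paid up front and a loss partly refunded."""
    return [(1 - p_loss, wealth - premium),
            (p_loss, wealth - premium - loss + coverage)]


# The talk's numbers, in $k: $20k of wealth, 50/50 chance of a $10k loss.
WEALTH, LOSS, P_LOSS = 20.0, 10.0, 0.5
OPTIONS = {
    "no insurance": insured_lottery(WEALTH, LOSS, P_LOSS, premium=0.0, coverage=0.0),
    "partial": insured_lottery(WEALTH, LOSS, P_LOSS, premium=2.5, coverage=5.0),
    "full": insured_lottery(WEALTH, LOSS, P_LOSS, premium=5.0, coverage=10.0),
}


def compare(options, u=math.log, u_inv=math.exp):
    """Per option: E(X), V(X), expected utility and certainty equivalent.
    Default utility is log(wealth): concave, hence risk-averse. This is an
    assumption; the talk does not commit to a utility function."""
    return {name: {"ev": expected_value(lot),
                   "var": variance(lot),
                   "eu": expected_utility(lot, u),
                   "ce": certainty_equivalent(lot, u, u_inv)}
            for name, lot in options.items()}


def max_premium(uninsured, wealth, u=math.log, u_inv=math.exp):
    """Most the agent would pay for full coverage: wealth minus the
    certainty equivalent of staying uninsured."""
    return wealth - certainty_equivalent(uninsured, u, u_inv)


if __name__ == "__main__":
    for name, r in compare(OPTIONS).items():
        print(f"{name:13s} E(X)={r['ev']:.2f} V(X)={r['var']:.2f} "
              f"E[U]={r['eu']:.4f} CE={r['ce']:.3f}")
    print("max premium for full cover (log utility):",
          round(max_premium(OPTIONS["no insurance"], WEALTH), 3))
    # A linear (risk-neutral) utility makes every CE equal to 15: such an
    # agent sees nothing worth paying for.
    neutral = compare(OPTIONS, u=lambda w: w, u_inv=lambda w: w)
    print("risk-neutral CE, no insurance:", neutral["no insurance"]["ce"])
```

All three options have E(X) = 15, so expected value cannot rank them; expected utility does (full > partial > none under log utility), and the risk premium E(X) minus CE is the price of the variance. Under log utility the uninsured certainty equivalent is about 14.14, so the $5k premium is below the roughly $5.86k this agent would pay, and the policy gets bought.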
The language of risk
• Some optimization functions assume *certainty*
• But making decisions under uncertainty is core to:
  • Competition
  • Investment
  • Reality
• How are we talking about risk? Focus on E(X) or V(X)?
How to Win at Risk
Win or lose?
• Game theory approach: maximize payoff
…Tends to gravitate towards expected value
• The “defender’s dilemma” assumes a risk intolerant
system manager
…Lower expected loss.
• Optimal investments manage to value and variance
…Build systems with better risk capacity
…Portfolio theory, not just point performance
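An added example (not from the talk) of managing to value and variance rather than point performance: a constructed pair of annual loss events, two candidate controls, every control portfolio enumerated, and the pick compared under a pure expected-cost objective and a mean-variance one. Event probabilities, losses, control costs and the risk-aversion weight are all assumptions; the E + lambda*V objective is a stand-in borrowed from portfolio theory, not something the talk prescribes.

```python
from itertools import combinations, product

# Constructed data, not from the talk. Annual loss events in $k as
# (probability, loss), assumed independent, plus candidate controls that
# change one event's probability or size.
EVENTS = {"breach": (0.20, 100.0), "fraud_spike": (0.10, 50.0)}
CONTROLS = {
    "hardening":       {"cost": 8.0, "prob": {"breach": 0.05}},        # fewer breaches
    "velocity_limits": {"cost": 5.0, "loss": {"fraud_spike": 10.0}},   # smaller spikes
}


def apply_controls(events, controls, chosen):
    """Return (adjusted events, total control spend) for a set of controls."""
    adjusted = {name: list(pl) for name, pl in events.items()}
    spend = 0.0
    for c in chosen:
        spec = controls[c]
        spend += spec["cost"]
        for name, p in spec.get("prob", {}).items():
            adjusted[name][0] = p
        for name, loss in spec.get("loss", {}).items():
            adjusted[name][1] = loss
    return {name: tuple(pl) for name, pl in adjusted.items()}, spend


def loss_distribution(events):
    """Enumerate every combination of events occurring / not occurring."""
    names = list(events)
    dist = []
    for occurs in product((False, True), repeat=len(names)):
        prob, loss = 1.0, 0.0
        for name, hit in zip(names, occurs):
            p, size = events[name]
            prob *= p if hit else 1.0 - p
            loss += size if hit else 0.0
        dist.append((prob, loss))
    return dist


def mean_variance(dist):
    mean = sum(p * x for p, x in dist)
    var = sum(p * (x - mean) ** 2 for p, x in dist)
    return mean, var


def evaluate_portfolios(events, controls, risk_aversion):
    """Score each subset of controls two ways: expected total cost
    (E[loss] + spend) and a mean-variance objective that also penalises
    V[loss] with weight risk_aversion (an assumed parameter)."""
    table = {}
    for k in range(len(controls) + 1):
        for chosen in combinations(controls, k):
            adjusted, spend = apply_controls(events, controls, chosen)
            mean, var = mean_variance(loss_distribution(adjusted))
            table[chosen] = {"expected_total": spend + mean,
                             "variance": var,
                             "mean_variance": spend + mean + risk_aversion * var}
    return table


def choose(table, objective):
    """Portfolio (tuple of control names) minimising the given objective."""
    return min(table, key=lambda chosen: table[chosen][objective])


if __name__ == "__main__":
    table = evaluate_portfolios(EVENTS, CONTROLS, risk_aversion=0.01)
    for chosen, r in table.items():
        print(f"{chosen or ('nothing',)}: E[total]={r['expected_total']:.2f} "
              f"V[loss]={r['variance']:.1f} mean-variance={r['mean_variance']:.2f}")
    print("lowest expected cost:", choose(table, "expected_total"))
    print("lowest mean-variance:", choose(table, "mean_variance"))
```

With these numbers the expected-cost objective stops at hardening alone (18 vs 19 for both controls), while the mean-variance objective buys the velocity limits too, because they cut the loss variance far more than their extra expected cost. That is the risk-capacity argument in miniature: a risk-intolerant system manager who only tracks expected loss will under-invest in controls whose main effect is narrowing the bad tail.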
<regroup>
humans: how do they work?
are you sure?
by the pricking of my thumbs,
something wicked this way comes.
open, locks,
whoever knocks.
Thank You BSidesLV!
Allison Miller
@selenakyle
Some references (mostly about behavior)
• Felt, A., A. Ainslie, R. Reeder, S. Consolvo, S. Thyagaraja, A. Bettes, H. Harris, and J. Grimes. "Improving SSL Warnings: Comprehension and Adherence." CHI 2015, pp. 2893-2902. ACM. https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43265.pdf
• Akhawe, D., and A. P. Felt. "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness." Proc. USENIX Security 2013, pp. 257-272.
• Ariely, Dan. Predictably Irrational: The Hidden Forces That Shape Our Decisions. New York, NY: HarperCollins, 2008.
• Arthur, W. Brian. "All Systems Will Be Gamed: Exploitive Behavior in Economic and Social Systems." Santa Fe Institute working paper 2014-06-016. http://tuvalu.santafe.edu/~wbarthur/Papers/All%20Systems%20Gamed.pdf. To appear in Complexity and the Economy, W. B. Arthur, Oxford University Press, 2014.
• Kahneman, Daniel. Thinking, Fast and Slow. New York: Farrar, Straus and Giroux, 2011.
• Leyton-Brown, Kevin, and Yoav Shoham. Essentials of Game Theory: A Concise, Multidisciplinary Introduction. San Rafael, Calif.: Morgan & Claypool, 2008.
• Meadows, Donella. Thinking in Systems: A Primer. London: Chelsea Green Publishing, 2008.
More references (mostly about decisions & game theory)
• Axelrod, Robert M. The Evolution of Cooperation. New York: Basic, 1984.
• Dixit, Avinash, and Barry Nalebuff. The Art of Strategy: A Game Theorist's Guide to Success in Business and in Life.
• Dormehl, Luke. Thinking Machines. New York: Tarcher Perigee, 2017.
• Fisher, Len. Rock, Paper, Scissors: Game Theory in Everyday Life. New York: Basic, 2008.
• Gibbons, Robert. Game Theory for Applied Economists. Princeton, NJ: Princeton UP, 1992.
• Gintis, Herbert. Game Theory Evolving: A Problem-centered Introduction to Modeling Strategic Behavior. Princeton, NJ: Princeton UP, 2000.
• Palacios-Huerta, Ignacio. "Professionals Play Minimax." Review of Economic Studies 70 (2003), pp. 395-415.
• Jackson, Leyton-Brown, and Shoham. Game Theory (Stanford University and University of British Columbia: Coursera), http://www.coursera.org, accessed 2013.
• Polak, Ben. Game Theory (Yale University: Open Yale Courses), http://oyc.yale.edu, accessed 2012. License: Creative Commons BY-NC-SA.
• Thomas, L. C. Games, Theory, and Applications. Chichester: E. Horwood, 1984.
• Wikipedia's sections on Game Theory, Economics, & Probability.
Even more references (mostly about security economics)
• Anderson, Ross. "Risk and Privacy Implications of Consumer Payment Innovation." Paper presented at the "Consumer Payment Innovation in the Connected Age" conference, March 29-30, 2012, Kansas City, Mo. PDF: http://www.cl.cam.ac.uk/~rja14/Papers/anderson-frb-kansas-mar27.pdf
• Anderson, Ross, Chris Barton, Rainer Böhme, Richard Clayton, Michel J. G. van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. "Measuring the Cost of Cybercrime." Workshop on the Economics of Information Security, 2012. PDF: http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf
• Camp, L. Jean, and Catherine D. Wolfram. "Pricing Security: Vulnerabilities as Externalities." Economics of Information Security, Vol. 12, 2004. SSRN: http://ssrn.com/abstract=894966
• MacCarthy, Mark. "Information Security Policy in the U.S. Retail Payments Industry." Workshop on the Economics of Information Security, June 2010.
• Sullivan, Richard J. "The Changing Nature of U.S. Card Payment Fraud: Issues for Industry and Public Policy." Presented at the 2010 Workshop on the Economics of Information Security, May 21, 2010.
• Skeen, Dale. "How Real-Time Analytics Protects Banks from Large Scale Cyber Attacks." Information Security Buzz, accessed Feb 23, 2014. http://www.informationsecuritybuzz.com/real-time-analytics-protects-banks-large-scale-cyberattacks/
• Varian, Hal. "Managing Online Security Risks." New York Times, June 1, 2000.
