Go to Source
Systems often fail because the organizations that defend them do not bear the full costs of failure. In order to solve the problems of growing vulnerability to computer hackers and increasing crime, solutions must coherently allocate responsibilities and liabilities so that the parties in a position to fix problems have an incentive to do so. This requires a technical comprehension of security threats combined with an economic perspective to uncover the strategies employed by cyber hackers, attackers and defenders.
The course covers five main areas:
Introduction to key concepts in security economics. Here, we provide an overview of how information security is shaped by economic mechanisms, such as misaligned incentives, information asymmetry, and externalities.
Measuring cybersecurity. We introduce state of the art security and IT metrics and conceptualize the characteristics of a security metric, its challenges and advantages.
Economics of information security investment. We discuss and apply different economic models that help determine the costs and benefits of security investments in network security.
Security market failures. We discuss market failures that may lead to cybersecurity investment levels that are insufficient from society’s perspective and other forms of unsafe behaviour in cyber space.
Behavioural economics for information security, policy and regulation. We discuss available economic tools to better align the incentives for cybersecurity, including better security metrics, cyber insurance/risk transfer, information sharing, and liability assignment.
After finishing this course, you will be able to apply economic analysis and data analytics to cybersecurity. You will understand the role played by incentives on the adoption and effectiveness of security mechanisms, and on the design of technical, market-based, and regulatory solutions to different security threats.
The course materials of this course are Copyright Delft University of Technology and are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA) 4.0 International License.