EoS

4TU.CybSec Syllabus Economics of Cybersecurity (EoS)
4TU Delft
4TU Eindhoven
4TU Twente
4TU Wageningen

Credits: 5EC

Motivation: Information systems are particularly prone to security failure when the organization protecting them does not bear the full cost of failure. This observation is simple, yet it has profound implications and is often overlooked by many experts trying to improve cybersecurity. It is one of the many ways in which economic incentives drive the development and adoption of security technologies.

This course will provide an overview of the emerging approaches to study the interaction between cybersecurity and economic forces. We will examine different economic challenges affecting cybersecurity: misaligned incentives, information asymmetries and externalities. Drawing on economics, computer science and public policy, we will analyze cybersecurity in the real world, as well as identify ways to improve it.

Synopsis: The goal of this course is to give a comprehensive overview of the economics of information security. The economics point of view is particularly appropriate to analyse the incentives of users, service providers and other networking participants and promises solutions to security issues that arise due to misaligned incentives. This novel point of view is able to shed light on many security problems and solutions to these problems. The objective of this course is to highlight in a tangible manner the importance of economic aspects of security in different areas of businesses. Moreover, the course aims to validate, analyse and prioritise the key issues in each area.

Aim: To get knowledge, understanding and skills with respect to:

  • identifying key problems in information security and distinguish non-technical obstacles
  • recognizing economic concepts and applying them to information security problems
  • employing security metrics and explain their limitations
  • regulations and the role of the different participants in security defence
  • techniques for collecting and analysing data on information security topics

Learning outcomes: The student will:

  • Gain a sound understanding of the economics of cybersecurity as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals).
  • Obtain skills in collecting and analysing data on information security issues
  • Gain insights into the design of effective policies to enhance and maintain cyber security must take into account a complex set of incentives facing not only the providers and users of the internet and computer software, but also those of potential attackers
  • Learn to apply economic analysis and data analytics to the open issues and pending activities in cybersecurity.

Lecturers: Dr Ir Carlos H. Gañán (TUD/TPM) and Prof Dr Michel van Eeten (TUD/TPM)

Examination: The final grade is based on a short research proposal, a presentation and a final case study report.

Contents: key concepts from information security and economic; economics of spam; security metrics; standard models and metrics of security investment; measuring cybercrime; state of the art in cybercrime and its flourishing underground economy;  phishing, and other security exploits; economics of privacy; incentives, rationality, and security decision making; regulations and the role of ISPs in security defense; market insurance for security and privacy; economic tools for improving information security; including cyber insurance/risk transfer, information sharing, and liability assignment.

Core text: Various papers from the literature, supported by a syllabus.

Limitation: A maximum number of 20 students may participate in the course.

Credits: 5EC

Motivation: Information systems are particularly prone to security failure when the organization protecting them does not bear the full cost of failure. This observation is simple, yet it has profound implications and is often overlooked by many experts trying to improve cybersecurity. It is one of the many ways in which economic incentives drive the development and adoption of security technologies.

This course will provide an overview of the emerging approaches to study the interaction between cybersecurity and economic forces. We will examine different economic challenges affecting cybersecurity: misaligned incentives, information asymmetries and externalities. Drawing on economics, computer science and public policy, we will analyze cybersecurity in the real world, as well as identify ways to improve it.

Synopsis: The goal of this course is to give a comprehensive overview of the economics of information security. The economics point of view is particularly appropriate to analyse the incentives of users, service providers and other networking participants and promises solutions to security issues that arise due to misaligned incentives. This novel point of view is able to shed light on many security problems and solutions to these problems. The objective of this course is to highlight in a tangible manner the importance of economic aspects of security in different areas of businesses. Moreover, the course aims to validate, analyse and prioritise the key issues in each area.

Aim: To get knowledge, understanding and skills with respect to:

  • identifying key problems in information security and distinguish non-technical obstacles
  • recognizing economic concepts and applying them to information security problems
  • employing security metrics and explain their limitations
  • regulations and the role of the different participants in security defence
  • techniques for collecting and analysing data on information security topics

Learning outcomes: The student will:

  • Gain a sound understanding of the economics of cybersecurity as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals).
  • Obtain skills in collecting and analysing data on information security issues
  • Gain insights into the design of effective policies to enhance and maintain cyber security must take into account a complex set of incentives facing not only the providers and users of the internet and computer software, but also those of potential attackers
  • Learn to apply economic analysis and data analytics to the open issues and pending activities in cybersecurity.

Lecturers: Dr Ir Carlos H. Gañán (TUD/TPM) and Prof Dr Michel van Eeten (TUD/TPM)

Examination: The final grade is based on a short research proposal, a presentation and a final case study report.

Contents: key concepts from information security and economic; economics of spam; security metrics; standard models and metrics of security investment; measuring cybercrime; state of the art in cybercrime and its flourishing underground economy;  phishing, and other security exploits; economics of privacy; incentives, rationality, and security decision making; regulations and the role of ISPs in security defense; market insurance for security and privacy; economic tools for improving information security; including cyber insurance/risk transfer, information sharing, and liability assignment.

Core text: Various papers from the literature, supported by a syllabus.

Limitation: A maximum number of 20 students may participate in the course.

EoS

Credits: 5EC

Motivation: Information systems are particularly prone to security failure when the organization protecting them does not bear the full cost of failure. This observation is simple, yet it has profound implications and is often overlooked by many experts trying to improve cybersecurity. It is one of the many ways in which economic incentives drive the development and adoption of security technologies.

This course will provide an overview of the emerging approaches to study the interaction between cybersecurity and economic forces. We will examine different economic challenges affecting cybersecurity: misaligned incentives, information asymmetries and externalities. Drawing on economics, computer science and public policy, we will analyze cybersecurity in the real world, as well as identify ways to improve it.

Synopsis: The goal of this course is to give a comprehensive overview of the economics of information security. The economics point of view is particularly appropriate to analyse the incentives of users, service providers and other networking participants and promises solutions to security issues that arise due to misaligned incentives. This novel point of view is able to shed light on many security problems and solutions to these problems. The objective of this course is to highlight in a tangible manner the importance of economic aspects of security in different areas of businesses. Moreover, the course aims to validate, analyse and prioritise the key issues in each area.

Aim: To get knowledge, understanding and skills with respect to:

  • identifying key problems in information security and distinguish non-technical obstacles
  • recognizing economic concepts and applying them to information security problems
  • employing security metrics and explain their limitations
  • regulations and the role of the different participants in security defence
  • techniques for collecting and analysing data on information security topics

Learning outcomes: The student will:

  • Gain a sound understanding of the economics of cybersecurity as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals).
  • Obtain skills in collecting and analysing data on information security issues
  • Gain insights into the design of effective policies to enhance and maintain cyber security must take into account a complex set of incentives facing not only the providers and users of the internet and computer software, but also those of potential attackers
  • Learn to apply economic analysis and data analytics to the open issues and pending activities in cybersecurity.

Lecturers: Dr Ir Carlos H. Gañán (TUD/TPM) and Prof Dr Michel van Eeten (TUD/TPM)

Examination: The final grade is based on a short research proposal, a presentation and a final case study report.

Contents: key concepts from information security and economic; economics of spam; security metrics; standard models and metrics of security investment; measuring cybercrime; state of the art in cybercrime and its flourishing underground economy;  phishing, and other security exploits; economics of privacy; incentives, rationality, and security decision making; regulations and the role of ISPs in security defense; market insurance for security and privacy; economic tools for improving information security; including cyber insurance/risk transfer, information sharing, and liability assignment.

Core text: Various papers from the literature, supported by a syllabus.

Limitation: A maximum number of 20 students may participate in the course.

Credits: 5EC

Motivation: Information systems are particularly prone to security failure when the organization protecting them does not bear the full cost of failure. This observation is simple, yet it has profound implications and is often overlooked by many experts trying to improve cybersecurity. It is one of the many ways in which economic incentives drive the development and adoption of security technologies.

This course will provide an overview of the emerging approaches to study the interaction between cybersecurity and economic forces. We will examine different economic challenges affecting cybersecurity: misaligned incentives, information asymmetries and externalities. Drawing on economics, computer science and public policy, we will analyze cybersecurity in the real world, as well as identify ways to improve it.

Synopsis: The goal of this course is to give a comprehensive overview of the economics of information security. The economics point of view is particularly appropriate to analyse the incentives of users, service providers and other networking participants and promises solutions to security issues that arise due to misaligned incentives. This novel point of view is able to shed light on many security problems and solutions to these problems. The objective of this course is to highlight in a tangible manner the importance of economic aspects of security in different areas of businesses. Moreover, the course aims to validate, analyse and prioritise the key issues in each area.

Aim: To get knowledge, understanding and skills with respect to:

  • identifying key problems in information security and distinguish non-technical obstacles
  • recognizing economic concepts and applying them to information security problems
  • employing security metrics and explain their limitations
  • regulations and the role of the different participants in security defence
  • techniques for collecting and analysing data on information security topics

Learning outcomes: The student will:

  • Gain a sound understanding of the economics of cybersecurity as a systems discipline, from security policies (modelling what ought to be protected) to mechanisms (how to implement the protection goals).
  • Obtain skills in collecting and analysing data on information security issues
  • Gain insights into the design of effective policies to enhance and maintain cyber security must take into account a complex set of incentives facing not only the providers and users of the internet and computer software, but also those of potential attackers
  • Learn to apply economic analysis and data analytics to the open issues and pending activities in cybersecurity.

Lecturers: Dr Ir Carlos H. Gañán (TUD/TPM) and Prof Dr Michel van Eeten (TUD/TPM)

Examination: The final grade is based on a short research proposal, a presentation and a final case study report.

Contents: key concepts from information security and economic; economics of spam; security metrics; standard models and metrics of security investment; measuring cybercrime; state of the art in cybercrime and its flourishing underground economy;  phishing, and other security exploits; economics of privacy; incentives, rationality, and security decision making; regulations and the role of ISPs in security defense; market insurance for security and privacy; economic tools for improving information security; including cyber insurance/risk transfer, information sharing, and liability assignment.

Core text: Various papers from the literature, supported by a syllabus.

Limitation: A maximum number of 20 students may participate in the course.