Admission requirements
Admission only after intake, see https://www.csacademy.nl/en/education/master-s-programmes/executive-master-s-programme-cyber-security.
Elective in master’s programme Cyber Security.
Description
This course aims at:
Students (technical and non-technical) who are expected to deal with on the “economic” forces that shape cyber security policies or actions.
Students who are expected to design or anticipate on market incentives based cyber security measures and policies.
This course provides an elaboration on the relation between economic theory and practice and cyber- and information security, which is covered briefly in previous semesters. Concepts from economics that are key in understanding the relation between economics and cyber security are introduced and applied to real world situations. The recent rise of interest in of cyber security insurance as a risk transfer instrument within risk management frameworks is the motivation to use this topic as an illustration of the application of the concepts in a more extensive analysis.
During the course first an overview is given of current status of cyber- and information security with relation to economics. The introduction immediately gives rise to questions like: What is the estimated damage to the Dutch economy due to cybercrime? How can cybersecurity incidents or failures be understood from the incentives of market parties involved in delivering these services? What are the (economic) consequences of a lack of cyber security and therefore trust for subjects like privacy, identity, e-commerce etc. How can we measure security and its effects? Why are the markets not working sufficiently? Can conditions be designed such that incentives line up to create a functioning market? What role play regulation, standards and liabilities in this context? Does the market for commercial CA’s work? How to improve it? Who should invest in security? End users? ISP’s? What is the ROI on cyber security investments for these parties?
During the course the following (non-exhaustive) list of concepts is discussed in relation to the above questions:
Asymmetric information, lemons market, externalities, indivisibility of investments, misalignment of incentives, network interdependence, markets and incentives, availability, integrity, privacy, identity, decisions under uncertainty, tragedy of the commons, adverse selection, insurance, risk mitigation, risk avoidance, risk acceptance, risk transfer, costs, benefits, ROI, liability, regulation, metrics, underreporting, moral hazard.
The above concepts are subsequently applied to above stated questions as well as to questions raised by the discussions between the students.
Course objectives
Participants have:
a basic knowledge and understanding of the key economic forces that drive cyber risk security in practice.
a basic knowledge and understanding of the government’s policy options with regard to cyber security and its consequences for businesses and individuals.
a basic understanding of the concept of cyber security insurance, its potential and its role within a risk management framework and the current problems associated with cyber security Insurance.
Participants are able to:
understand concepts such as incentives, information asymmetry, externalities, indivisibility of investments, moral hazard, network interdependence and their consequences for cyber security.
apply these concepts and knowledge in evaluating cyber security models and proposals, determine which factors will contribute positively, negatively to cyber security.
understand the economic effects of regulation, liabilities and standards on structure of markets relevant to cyber security
determine how economic reasoning and methodology helps to better address cyber security issues. This from the perspective of government as well as businesses to explain and discuss the application of economic concepts with respect to cyber security with technical staff as well as management and/or policy departments.
Timetable
5 Fridays from 9.30 until 17.00, either in April/May or in June/July, to be scheduled dependant on preferences of participants
Mode of instruction
(Online) lectures, seminars, exercises, class discussion.
Lecturers: Prof.dr. M.J.G van Eeten (TUD) and others.
Course Load
4 EC.
Assessment method
Assignment (100%), each week: short reflection on that week’s content.
You can find more information about assessments and the timetable exams on the website.
Details for submitting papers (deadlines) are posted on Blackboard.
On the Public Administration front page of the E-guide you will find links to the website, uSis and Blackboard.
Resit
Students will be permitted to resit an examination if they have taken the first sit and have a mark lower than 5.5 or with permission of the Board of Examiners.
Resit written exam
Students that want to take part in a resit for a written exam, are required to register via uSis. Use the activity number that can be found on the ‘timetable exams’.
Blackboard
Yes, for posting slides of lectures, relevant literature and assignments.
Reading list
Compulsory literature and literature for further consultation will be announced via Blackboard.
Registration
Use both uSis and Blackboard to register for every course.
Register for every course and workgroup via uSis. Some courses and workgroups have a limited number of participants, so register on time (before the course starts). In uSis you can access your personal schedule and view your results. Registration in uSis is possible from four weeks before the start of the course.
Also register for every course in Blackboard. Important information about the course is posted here.
Registration Studeren à la carte and Contractonderwijs
NVT.
Contact
Drs. Mireille Snels, programme manager:
m.m.snels@fgga.leidenuniv.nl
Pauline Hutten MSc, programme coordinator:
p.e.hutten@fgga.leidenuniv.nl
Remarks
See https://www.csacademy.nl/en/education/master-s-programmes/executive-master-s-programme-cyber-security.