Syllabus

 EconSec101x  “Economics  for  Cybersecurity”  

Course  Outline  &  Dates  

Week  One  (release  date  January  20):  Introduction  to  security  economics  

o Overview  of  the  course  

o Brief  history  of  the  field:  why  study  cybersecurity  as  an  economics  problem  
o Economics  for  engineers  
o Economics  of  information  goods  
o Security  engineering  for  economists  

Week  Two  (release  date  January  27):  Measuring  cybersecurity  

o How  to  measure  cybersecurity?  

o Metric  in  practice  
o Data  collection  and  processing  
o Case  study:  security  metrics  for  botnet  mitigation  by  ISPs  

Week  Three  (release  date  February  3):  Security  Investment  and  Management    

o Security  strategies  
§ Reasons  to  invest  in  security  for  "security  providers"  
§ Reasons  to  invest  in  security  for  "security  consumers"  

o Optimal  information  security  investment  

§ Security  cost  and  benefits  
§ Security/investment  metrics  
§ Gordon–Loeb  model  &  extensions  
§ Timing  of  security  investments  

o Risk  management  
§ Risk  acceptance  vs.  avoidance  
§ Risk  mitigation  
§ Risk  transfer:  Cyber  insurance  

o Operational  security  management  

§Secure  software  development,  patch  management,  incident  management,  
forensics,  maybe  identity  management  

Week  Four  (release  date  February  10):  Market  Failures  and  Policy    

o Market  Failures  
§ Public  goods  
§ Information  asymmetries    
§ Externalities  
 o Policy  Interventions  to  Correct  Market  Failures  
§ Ex  ante  safety  regulation/ex  post  liability    
§ Information  disclosure  (trust  seals,  certifications  and  breach  notification)  
§ Indirect  Intermediary  Liability  

o Case  study:  cooperation  and  information  sharing  

§ Phishing  takedown  
§ The  role  of  intermediaries  

o Case  study:  payment  card  industry  

Week  Five  (release  date  February  17):  The  Human  Factor  

o Introduction  to  behavioral  economics  

o  The  heuristics  and  biases  tradition  

o  Applying  behavioral  economics:  consumer  behavior  and  deception  

o The  behavioral  economics  of  privacy  

o Security  economics  and  policy  

Prerequisites  

The  course  is  accessible  for  a  broad  range  of  professionals.  Some  level  of  familiarity  with  
either  computer  science,  economics  or  policy  is  recommended.    

Grading  &  Certification  

Upon  successful  completion  of  this  course,  learners  will  be  awarded  a  DelftX  Professional  
Education  Certificate.  These  certificates  will  indicate  you  have  successfully  completed  the  
course,  but  will  not  include  a  specific  grade.  Certificates  will  be  issued  by  edX  under  the  
name  of  DelftX,  designating  the  institution  from  which  the  course  originated.  

Additionally,  the  TU  Delft  Extension  School  offers  Continuing  Education  Units  for  this  course.  
Participants  of  EconSec101x  who  successfully  complete  the  course  requirements  will  earn  a  
Certificate  of  Completion  and  are  eligible  to  receive  2.0  Continuing  Education  Units  (2.0  
CEUs)  

There  are  no  formal  due  dates  for  course  assignments  except  for  peer-­‐review  assignments  
and  problems  sets  where  the  solution  will  be  published  after  the  due  date.  However,  to  
receive  the  maximum  benefit  from  the  course,  we  suggest  that  you  complete  each  week’s  
coursework  by  noon  on  the  day  on  which  the  next  chapter  opens.  

In  order  to  receive  your  certificate  of  completion,  you  must  submit  all  coursework  (and  
receive  a  passing  grade)  by  12:00  CST  (18:00  UTC)  on  Sunday,  March  1.  

Workload  
Around  4-­‐8  hours  per  week.  

Resources  

We  will  be  using  a  custom  created  open  source  text  that  will  be  embedded  into  the  edX  
course  as  readings.  Your  reading  assignments  will  be  released  weekly  with  links  to  the  
appropriate  readings.  

Moreover,  you  will  find  ample  instructional  videos  each  week.  These  videos  (available  in  
360p,  720p  or  1080p)  including  the  subtitles,  the  transcripts  and  the  slides  used  will  be  made  
available  for  download.  Additionally,  the  lecture  slides  will  be  made  available.