This economics course provides an introduction to the field of cybersecurity through the lens of economic principles. Delivered by four leading research teams, it will provide you with the economic concepts, measurement approaches and data analytics to make better security and IT decisions, as well as understand the forces that shape the security decisions of other actors in the ecosystem of information goods and services.
Systems often fail because the organizations that defend them do not bear the full costs of failure. In order to solve the problems of growing vulnerability to computer hackers and increasing crime, solutions must coherently allocate responsibilities and liabilities so that the parties in a position to fix problems have an incentive to do so. This requires a technical comprehension of security threats combined with an economic perspective to uncover the strategies employed by cyber hackers, attackers and defenders.
The course covers five main areas:
Introduction to key concepts in security economics. Here, we provide an overview of how information security is shaped by economic mechanisms, such as misaligned incentives, information asymmetry, and externalities.
Measuring cybersecurity. We introduce state of the art security and IT metrics and conceptualize the characteristics of a security metric, its challenges and advantages.
Economics of information security investment. We discuss and apply different economic models that help determine the costs and benefits of security investments in network security.
Security market failures. We discuss market failures that may lead to cybersecurity investment levels that are insufficient from society’s perspective and other forms of unsafe behaviour in cyber space.
Behavioural economics for information security, policy and regulation. We discuss available economic tools to better align the incentives for cybersecurity, including better security metrics, cyber insurance/risk transfer, information sharing, and liability assignment.
After finishing this course, you will be able to apply economic analysis and data analytics to cybersecurity. You will understand the role played by incentives on the adoption and effectiveness of security mechanisms, and on the design of technical, market-based, and regulatory solutions to different security threats.
Mid way through this class right now. Was incredibly excited to learn it was going to be offered for free. The first time around it was offered as professional development for $250. I was working 70-90 hour weeks at the time and money was a little tight,...
Mid way through this class right now. Was incredibly excited to learn it was going to be offered for free. The first time around it was offered as professional development for $250. I was working 70-90 hour weeks at the time and money was a little tight, so I held off. I was very excited to learn that it is now offered for free, nearly two years later.
First section was good. Mostly remedial for me since I took an econ class in college related to the economics of information goods. Further I have industry experience, so I see some of this stuff first hand. First section was spot on. Ross Anderson (who taught this section) is a world renounced cryptographer. Almost won the AES standard and has developed a few other cryptographic primitives. Also has authored a book or two on security engineering.
One thing worth noting is that there are several instructors and the quality depends strongly on the instructor. The second section seems to attempt to reinvent the wheel too much. In this section, they rearrange risk management/analysis concepts under the guise of "security economics". They also develop some nonsensical models that reflect their "new discipline". Okay, perhaps nonsensical is too harsh, but I think it is a fair statement that they are not well thought out.
Some of the instructors are unable to provide any insight whatsoever and clearly lack any sort of concept of how the real world works and its associated complexities (hint: I'm a security and risk management practitioner. I live and work in the real world).
Interestingly enough, the resources you find on Ross Anderson's security economics webpage have been more insightful than the class itself: https://www.cl.cam.ac.uk/~rja14/econsec.html
I plan on finishing the course, since some of the instructors are very insightful.
Hopefully I can return and update this review later with additional positive information.