Cyber Security: SECURITY INVESTMENT AND MANAGEMENT


Duration: 24 Hours

Target Audience

The course is accessible for a broad range of professionals. Some level of familiarity with either computer science, economics or policy is recommended.

Grading & Certification

Participants of the cyber security and economics course who successfully complete the course requirements will earn a HackerU Certificate of Completion. Additionally, HackerU offers continuing education units for this course.

Prerequisites

Background in IT as well as software development or intelligence.

Course Outline

Module 1: Introduction to Security Economics

  • Overview of the course
  • Brief history of the field: why study cyber security as an economics problem
  • Is economics solely for engineers?
  • Economics of information goods
  • Security engineering for economists

Module 2: Measuring Cyber Security

  • How to measure cyber security?
  • Metrics in practice
  • Data collection and processing
  • Case study: security metrics for botnet mitigation by ISPs

Module 3: Security Investment and Management

  • Security strategies
    • Reasons to invest in security for “security providers”
    • Reasons to invest in security for “security consumers”
  • Optimal information security investment
    • Security cost and benefits
    • Security/investment metrics
    • Gordon–Loeb model & extensions
    • Timing of security investments
  • Risk management
    • Risk acceptance vs. avoidance
    • Risk mitigation
    • Risk transfer: Cyber insurance
  • Operational security management
    • Secure software development, patch management, incident management, forensics, maybe identity management

Module 4: Market Failures and Policy

  • Market Failures
    • Public goods
    • Information asymmetries
    • Externalities
  • Policy Interventions to Correct Market Failures
    • Ex ante safety regulation/ex post liability
    • Information disclosure (trust seals, certifications and breach notification)
    • Indirect Intermediary Liability
  • Case study: cooperation and information sharing
  • The role of intermediaries
  • Case study: payment card industry

Module 5: The Human Factor

  • Introduction to behavioral anomalies
  • Phishing attacks in depth
  • Best practices
  • Security economics and policy