Back in 2015 I helped record a course in security economics in a project driven by colleagues from Delft. This was launched as an EDX MOOC as well as becoming part of the Delft syllabus, and it has been used in many other courses worldwide. In Brussels, in December, a Ukrainian officer told me they use it in their cyber defence boot camp.
There’s been a lot of progress in security economics over the past seven years; see for example the liveblogs of the workshop on the economics of information security here. So it’s time to update the course, and we’ll be working on that between now and May.
If there are any topics you think we should cover, or any bugs you’d like to report, please get in touch!
3 thoughts on “Security economics course”
Reviewed the current course , few items to consider for future iterations , since lots of advances happened since 2015
1. Cyber Risk Quantification (FAIR and Other Models) – Both Pros and Cons
2. Cost of Security Investments and calculating ROIs
3. Security Budgets Planning
4. Cyber Insurance
Regarding the Human Factors part of the course, most of it nowadays is focused on using behavioural science to “nudge” the user in performing desired target security behaviours. While this might be more efficient than traditional Security Awareness strategies (compliance metrics, Phishing simulations, training videos, etc). I’ve been researching this for the past years and I believe the industry is looking at it from the wrong perspective. If you wish to have a deeper conversation on this please reach out using the contact provided.
Not sure if this is covered but two user experience factors should be looked at:
a) the change in friction/usability of newer authentication factors e.g. WebAuthN from Apple protected with FaceID/TouchID is a better experience (quicker, easier) than typing a password and OTP or even just an email magic link.
b) how to balance friction of authentication/signup vs risk and the use of step up authentication/enrolment only when it makes sense. e.g. making a purchase/changing a flight.