BME VIK - Economics of Security and Privacy

A tantárgy neve magyarul / Name of the subject in Hungarian: Economics of Security and Privacy

3. Course coordinator and department Dr. Félegyházi Márk,

4. Instructors Dr. Félegyházi Márk senior researcher Department of Telecommunications

5. Required knowledge computer networks, network security

6. Pre-requisites

Ajánlott:
No prerequisites for this course.

7. Objectives, learning outcomes and obtained knowledge The goal of the course is to give a comprehensive overview of the economics of information security and privacy. This novel point of view is able to shed light on many security problems and promises the solutions to these problems. The economics point of view is particularly appropriate to analyze the incentives of users, service providers and other networking participants and to promises solutions to security issues that arise due to misaligned incentives. The course is taught in English.

8. Synopsis 1. week
Introduction to system security, concepts, actors and security solutions. Detailed discussion of economics issues, motivation for the participants and misaligned incentives.

2. week
Tutorial on microeconomics concepts: game theory primer, normal- and extensive-form games, game solutions and equilibrium concepts, the Prisoner's Dilemma, externalities, the Tragedy of the Commons

3. week
Interdependent security, risks and dependency, total effort, weakest link and best shot models, security investment of selfish participants and equilibrium solutions

4. week
Misaligned incentives of the participants, ISPs involvement in mitigating security risks, detailed assessment of intervention power for various participants, user motivation and its failure, asymmetric information and lemon markets

5. week
Generic model of security investments: the Gordon-Loeb model and its follow-up work, iterated security investments and investment options

6. week
The problem of spam and related issues, motivation for spammers, economics solutions for software flaws

7. week
Measuring the underground economy, spammers, carders and exploits

8. week
Information sharing models, incentives and impact to reveal security breaches, information sharing for software vulnerabilities: vulnerability markets, cooperation against phishing

9. week
Economics of privacy and anonymity, privacy issues and threats, behavioral economics point of view, user privacy evaluation, price discrimination and usability, privacy policies

10. week
Economics of privacy in social networks, privacy of Facebook, privacy policies of social networks, anonymizing private data

11. week
Adoption of security technologies, case studies of SSH and PGP, digital rights management and trusted computing

12. week
Cyber-insurance for security and privacy risk management, issues and solutions, market models, asymmetric information and correlated incidents

13-14. week
Advanced topics and additional discussion

9. Method of instruction lectures

10. Assessment a.   during the semester:
   1 test and 1 homework,   the final grade is a weighted sum computed from the grades of the test and the homework (50-50%)
b.   during the exam period:
-
c.   preliminary exam:
-

11. Recaps The test can be repeated and the homework can be submitted during the „potlasi het” according to the TVSz.

12. Consultations Information given at the course’s website

13. References, textbooks and resources Ross Anderson, Rainer Böhme, Richard Clayton, and Tyler Moore, "Security, Economics, and the Internal Market," published by the European Network and Information Security Agency (ENISA)”, 2008

14. Required learning hours and assignment

Kontakt óra	28
Félévközi készülés órákra
Felkészülés zárthelyire	16
Házi feladat elkészítése	16
Kijelölt írásos tananyag elsajátítása
Vizsgafelkészülés
Összesen	60

15. Syllabus prepared by Dr. Félegyházi Márk senior researcher BME - HIT
Dr. Levente Buttyán associate professor BME - HIT