Welcome to CSE5390/7390: Economics of Information Security

Course Description

Meeting time: Tuesdays and Thursdays 5pm - 6:20pm

Instructor: Tyler Moore

Email: tylerm@smu.edu

Course Summary and Goals

If you are interested in answering questions such as these, then CSE5390/7390 is the course for you.

Economics puts the challenges facing information security into perspective better than a purely technical approach does. Systems often fail because the organizations that defend them do not bear the full costs of failure. In order to solve the problems of growing vulnerability and increasing crime, solutions must coherently allocate responsibilities and liabilities so that the parties in a position to fix problems have an incentive to do so. This requires a technical comprehension of security threats combined with an economic perspective to uncover the strategies employed by attackers and defenders.

The goal of this course is to provide the balanced technical and economic perspective necessary to adequately manage information security threats. We start by discussing the economic challenges facing information security in greater detail: misaligned incentives, information asymmetries, and externalities. We then examine the tools defenders need to manage information security, principally techniques for measuring security. We introduce modeling techniques in order to more formally examine the trade-offs inherent to information security investment.

We devote considerable effort to studying the behavior of real-world attackers and defenders. This includes modeling, but also techniques for data collection and analysis. Finally, we consider the extent to which firms can offer adequate defense, as well as the circumstances under which public policy interventions may be required.

Course Flyer

Flyer advertising the course.