About this course

Overview

Early Bird Discount
 

Take advantage of the Early Bird price (20% off). Enroll now using code EARLY2025, valid until November 15, 2024.
 

Are humans the weakest link in cybersecurity? Using an economics perspective, this course will give you the latest insights into the behavior of users and cyber criminals, so that you can design the best responses to guard your organization against the most critical risks.

Many organizational security breaches can be traced back to the actions of individuals. These may include systems not being patched, malicious attachments being opened, credentials being entered into phishing sites, etc. So the security of organizations critically depends on the security behaviors of their users. This insight is often summarized as “humans are the weakest link”.

But this widely held view is both incorrect and unproductive. Organizations often misunderstand the reasons why their users are not complying with security policies. Security comes with costs, and human users of security protocols experience costs of their own. These may be time, effort and switching between security and other tasks. With a multitude of other pressures, it is understandable that individuals will sometimes ignore security advice. 

The first part of this course provides you with an understanding of user behavior informed by a wealth of empirical research in security economics. This will help professionals in IT, consulting and security in designing better policies to safeguard the security of organizations. It will also support professionals working on broader policies to protect and empower home users to improve their security.

The second part of the course shifts the focus from the defenders to the attackers. What threat actors do organizations face? Here, we bring together the latest insights from research into attacker economics. What are the categories of cybercriminals? How do they operate? How effective are interventions to disrupt criminal marketplaces? These insights will help professionals doing risk assessment and threat analysis, as well as law enforcement professionals designing interventions against criminal actors.

The course will provide you with insights and practical measures to design effective policies to mitigate the most critical risks.

With new laws like NIS2 requiring cybersecurity training, this course is ideal for professionals in IT, auditing, safety & security, risk assessment & threat analysis, law & compliance enforcement, risk governance and related fields. 

What You'll Learn

After completion of the course, participants should be in a position to:

  1. Explain a variety of security behaviors of individuals
  2. Design policies and interventions that are based on a full understanding of user behavior
  3. Explain a variety of attacker behaviors
  4. Design policies and interventions that are based on a true understanding of attacker behavior

Details

Course Syllabus

Week 1:
In this week we will introduce the comprehensive human aspects of security and privacy within complex computer systems. 
Topics covered this week:

  • Introduction to user research
  • Analyzing users’ security behavior in organizations
  • Exploring security considerations for home users

Week 2:
The focus of this week will be on broader aspects of human decision-making in the context of digital security and privacy.
Topics covered this week:

  • Exploring the choices users make when interacting with security systems
  • Analyzing the different privacy considerations users are faced with

Week 3:
This week we will conclude the section analyzing users by looking into the costs and interventions associated with cybersecurity and privacy at the user level.
Topics covered this week:

  • Factors that influence security and privacy behaviors
  • Analysis of security and privacy interventions

Week 4:
In this week we will introduce key concepts of cybercrime, examining the diverse range of offenders, their motivations, and the theoretical frameworks that explain their behaviors.
Topics covered in this week:

  • Different types of criminal actors
  • Key theoretical approaches influencing cybercrime
  • Addressing the myth of cybercrime’s sophistication
  • Exploring the cybercrime markets

Week 5:
This week we will focus on the evolving landscape of cybercrime by exploring its commoditization, resources and the services that drive this illicit industry.
Topics covered in this week:

  • The concept of cybercrime as a service
  • Approaches to measuring threat
  • Measuring cybercrime infrastructure 
  • The ethics of using stolen and scraped data

Week 6:
In the final week we will investigate the different approaches used to combat cybercrime, focusing on both the offender perspective and enforcement strategies.
Topics covered this week:

  • Analysis of the methodologies used for interviewing cybercrime perpetrators 
  • Law enforcement interventions
  • The Budapest Convention
  • Investigation of the measures taken to prevent cybercrime

Qualifications

Certificates

If you successfully complete this course you will earn a professional education certificate and you are eligible to receive 2.5 Continuing Education Units (CEUs).

Admission

This course is primarily geared towards working professionals.

Prerequisites:

Participants are encouraged to combine this course with the courses “Economics of Cybersecurity: Foundations and Measurements” and “Economics of Cybersecurity: Solutions”.

Contact

If you have any questions about this course or the TU Delft online learning environment, please visit our Help & Support page.

  • Starts: Jan 22, 2025
  • Fee: €1050
  • Discounted group fee: contact us
  • Enrollment open until: Jan 15, 2025
  • Length: 6 weeks
  • Effort: 4 - 6 hours per week
  • Early Bird price: €840
