Spring 2024 • Seminar
Cybersecurity Risks, Rules and Responsibilities
Prerequisite: None
Exam Type: No Exam
Grading will be based 50% on class participation and 50% on 5 short thought papers submitted and presented orally over the course of the semester.
This seminar will focus on the laws, standards and liabilities that govern responsibility for anticipating and addressing cybersecurity risks. The course will cover threats such as ransomware, critical infrastructure attacks, personal data breaches, email account take-overs, exfiltration of proprietary data and intellectual property, exploitation of software and internet hardware vulnerabilities, insider threats, and state-sponsored cyber attacks. Students will examine the roles of various government agencies such as the White House, Cybersecurity and Infrastructure Security Agency (CISA), DOJ, FBI, Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), Commerce, Treasury and HHS Departments, intelligence community, financial regulators, and their respective international counterparts. Students will explore the distinction between agencies that help protect against and disrupt cyberattacks, and those that regulate the sufficiency of private sector safeguards and enforce against putative laggards. The role of boards of directors and corporate governance will also be explored. Readings will include a broad range of cybersecurity laws and regulations, executive orders, judicial decisions, regulatory enforcement actions, government and expert reports, agency guidance, corporate filings, and news articles. Current cyber developments will be discussed regularly.