Topics
Choose one topic
Economic aspects of operating system security mechanisms
Cyber security violations usually target networks, systems or apps. This course is obviously about systems or more specifically, operating systems. As discussed in class, different security mechanisms are incorporated into operating systems such as passwords, certificates, access controls, anti-virus etc. However, little research exists in the literature on the economics of installing these security or protection mechanisms. For instance, did you know that nearly 100% of "invalid certificate" warnings are false positives? While it is certainly not advisable to connect to web sites offering invalid or expired certificates, it is common experience that such warnings usually tend to be false alarms (e.g. the website perhaps just didn't renew their certificate to avoid fees). But from an economics standpoint, it is useless effort expended by users, continuously bothered by false alarms, obstructing their productivity.
Your job is to research on any five to ten such protection or security mechanisms offered by modern operating systems and then report on the economics of having those mechanisms:
Are they truly necessary?
How often do they emit false alarms (aka. false positives)?
Analyze the economics of the mechanism. i.e. cost-benefit ratio where the time/effort/money used to install and use those mechanisms requires is compared to the benefit they offer in terms of preventing attacks.
2. Survey of economic impact of operating system security violations
Survey and report on major data breaches or cyber security attacks where weaknesses of operating systems were exploited. Summarize about four or five of them and explain the economic impacts of those attacks. i.e., how much losses were incurred and how better protection mechanisms into the OS (either by the designers or by users) would have helped mitigate those losses. Provide full details.