Skip to main content Link Search Menu Expand Document (external link)
LIS 640

Week 14 Studio: Semester Review

This semester, we spent a lot of time looking at cybersecurity incidents, and taking them apart to try to understand how they come about and what we can do to stop them or deal with them better. Each week, I tried to convince you of one major point about cybersecurity. Here is what we focused on:

  • Week 1: It is important to look at actual incidents to understand what cybersecurity is.
  • Week 2: If you want to stop cyberattacks, Look at all of the people involved in an incident, and then try to understand their motivations for why they behave the way they do.
  • Week 3: To stop cyberattacks, think like a hacker and try to find ways to get around security systems and rules to your own advantage.
  • Week 4: To stop cyberattacks, you have to understand how regular people think about cybersecurity, and the heuristics and biases they use to make security decisions.
  • Week 5: There are many different people with different cybersecurity needs; there is no one-size-fits-all solution.
  • Week 6: To understand cybersecurity and set effective policy, it is important to look at larger systems.
  • Week 7: Identify system-level patterns like misaligned incentives and externalities helps to understand why cybersecurity is still hard.
  • Week 8: Looking at how different people have different information (information asymmetry) helps to understand cybersecurity and identify solutions.
  • Week 9: Many cybersecurity problems can’t be solved by individuals, but instead need policy-level solutions.
  • Week 10: Technical vulnerabilities can be seen as weapons; they can also be seen as software bugs. This dual nature makes dealing with them challenging.
  • Week 11: Generative AI has the potential to change the balance of power in cybersecurity, but it has not yet.
  • Week 12: Everyone lies – a lot. Often, telling the truth, and convincing others you are telling the truth (signalling), is the hard part.
  • Week 13: Hackers frequently pretend to be something they are not (e.g. phishing); this means you have to somewhat distrust everything to stop attacks
  • Week 14: No cybersecurity will be perfect, and really, we aren’t doing that bad.

Do you believe all of these claims? Think like a hacker about this class; which of these claims might be wrong, or invalid, or might be able to be abused by hackers to circumvent security?