Stefan Laube
University of Münster
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Stefan Laube.
Journal of Cybersecurity | 2016
Stefan Laube; Rainer Böhme
Legislators in many countries enact security breach notification regulation to address a lack of information security. The laws designate authorities to collect breach reports and advise firms. We devise a principal–agent model to analyze the economic effect of mandatory security breach reporting to authorities. The model assumes that firms (agents) have few incentives to unilaterally report breaches. To enforce the law, regulators (principals) can introduce security audits and sanction noncompliance. However, audits cannot differentiate between concealment and nescience of the agents. Even under optimistic assumptions regarding the effectiveness of mandatory security breach reporting to authorities in reducing individual losses, our model predicts that it may be difficult to adjust the sanction level such that breach notification laws generate social benefit.
computer and communications security | 2015
Stefan Laube; Rainer Böhme
New regulations mandating firms to share information on security breaches and security practices with authorities are high on the policy agenda around the globe. These initiatives are based on the hope that authorities can effectively advise and warn other firms, thereby strengthening overall defense and response to cyberthreats in an economy. If this mechanism works (as assumed in this paper with varying effectiveness), it has consequences on security investments of rational firms. We devise an economic model that distinguishes between investments in detective and preventive controls, and analyze its Nash equilibria. The model suggests that firms subject to mandatory security information sharing 1) over-invest in security breach detection as well as under-invest in breach prevention, and 2), depending on the enforcement practices, may shift investment priorities from detective to preventive controls. We also identify conditions where the regulation increases welfare.
ACM Computing Surveys | 2017
Stefan Laube; Rainer Böhme
Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.
Archive | 2015
Adrian Dolensky; Stefan Laube; Elena Gorbacheva
In the last decades several positive world trends have indicated that, in general, the world is getting healthier, better educated, richer, more peaceful, and better connected.
workshop on the economics of information security | 2015
Stefan Laube; Rainer Böhme
Proceedings of the 1st European Workshop on Usable Security (EuroUSEC) | 2016
D Machuletz; H Sendt; Stefan Laube; Rainer Böhme
Archive | 2014
Rainer Böhme; Stefan Laube
human factors in computing systems | 2018
Dominique Machuletz; Stefan Laube; Rainer Böhme
Variance | 2018
Rainer Böhme; Stefan Laube; Markus Riek
Workshop on Information Systems and Economics (WISE) | 2017
Terrence August; D Dao; Stefan Laube; Marius Florin Niculescu