Network


Latest external collaboration on country level. Dive into details by clicking on the dots.

Hotspot


Dive into the research topics where Stefan Laube is active.

Publication


Featured researches published by Stefan Laube.


Journal of Cybersecurity | 2016

The economics of mandatory security breach reporting to authorities

Stefan Laube; Rainer Böhme

Legislators in many countries enact security breach notification regulation to address a lack of information security. The laws designate authorities to collect breach reports and advise firms. We devise a principal–agent model to analyze the economic effect of mandatory security breach reporting to authorities. The model assumes that firms (agents) have few incentives to unilaterally report breaches. To enforce the law, regulators (principals) can introduce security audits and sanction noncompliance. However, audits cannot differentiate between concealment and nescience of the agents. Even under optimistic assumptions regarding the effectiveness of mandatory security breach reporting to authorities in reducing individual losses, our model predicts that it may be difficult to adjust the sanction level such that breach notification laws generate social benefit.


computer and communications security | 2015

Mandatory Security Information Sharing with Authorities: Implications on Investments in Internal Controls

Stefan Laube; Rainer Böhme

New regulations mandating firms to share information on security breaches and security practices with authorities are high on the policy agenda around the globe. These initiatives are based on the hope that authorities can effectively advise and warn other firms, thereby strengthening overall defense and response to cyberthreats in an economy. If this mechanism works (as assumed in this paper with varying effectiveness), it has consequences on security investments of rational firms. We devise an economic model that distinguishes between investments in detective and preventive controls, and analyze its Nash equilibria. The model suggests that firms subject to mandatory security information sharing 1) over-invest in security breach detection as well as under-invest in breach prevention, and 2), depending on the enforcement practices, may shift investment priorities from detective to preventive controls. We also identify conditions where the regulation increases welfare.


ACM Computing Surveys | 2017

Strategic Aspects of Cyber Risk Information Sharing

Stefan Laube; Rainer Böhme

Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.


Archive | 2015

How Can Information Systems Help to Make Policymaking Be More Sensitive to Global Long-Term Perspectives?

Adrian Dolensky; Stefan Laube; Elena Gorbacheva

In the last decades several positive world trends have indicated that, in general, the world is getting healthier, better educated, richer, more peaceful, and better connected.


workshop on the economics of information security | 2015

The Economics of Mandatory Security Breach Reporting to Authorities.

Stefan Laube; Rainer Böhme


Proceedings of the 1st European Workshop on Usable Security (EuroUSEC) | 2016

Users Protect Their Privacy If They Can: Determinants of Webcam Covering Behavior

D Machuletz; H Sendt; Stefan Laube; Rainer Böhme


Archive | 2014

Das IT-Sicherheitsgesetz

Rainer Böhme; Stefan Laube


human factors in computing systems | 2018

Webcam Covering as Planned Behavior

Dominique Machuletz; Stefan Laube; Rainer Böhme


Variance | 2018

A Fundamental Approach to Cyber Risk Analysis

Rainer Böhme; Stefan Laube; Markus Riek


Workshop on Information Systems and Economics (WISE) | 2017

Economics of Ransomware Attacks

Terrence August; D Dao; Stefan Laube; Marius Florin Niculescu

Collaboration


Dive into the Stefan Laube's collaboration.

Top Co-Authors

Avatar
Top Co-Authors

Avatar

Markus Riek

University of Innsbruck

View shared research outputs
Top Co-Authors

Avatar

D Machuletz

University of Münster

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar
Top Co-Authors

Avatar

H Sendt

University of Münster

View shared research outputs
Top Co-Authors

Avatar

Marius Florin Niculescu

Georgia Institute of Technology

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar

Adrian Dolensky

University of Liechtenstein

View shared research outputs
Researchain Logo
Decentralizing Knowledge