Course title

International Law, Cybersecurity and Privacy

Lecture type

Obligatory

ECTS

5

Lecturers and Associates

• PhD Scott J. Shackelford, Lecturer

The course aims

This course is designed to introduce students to the cross-disciplinary field of international law, cybersecurity and privacy management, with a special emphasis on comparative commercial, intellectual property and information security legal standards and policy. Students will in particular focus on three interrelated areas of cybersecurity risk management: management policies, technology, and legal/ethical issues put in a global context. Students will also acquire basic knowledge within the broader perspective of information risk and security, including: what is the best we can hope for in terms of ‘cybersecurity’ and why is it important, how does it relate to privacy and ethical considerations, how are cybersecurity governance trends converging and diverging around the world, and what are the various ways in which the private and public sectors can more effectively mitigate cyber risk. The latter topic may be broken down into discussions of vulnerabilities, governance best practices, and contingency planning.

Content

Lecture topics:
L1: Introduction to the international law
L2: Laws and regulations enacted in Croatia, EU and USA
L3: Internet Governance and Dimensions of Cyber Conflict
L4: Selecting Research Topics and Launching Capstone Project
L5: Introducing the Three Dimensions of Cybersecurity Risk Management
L6: Cybersecurity Trends and Opportunities
L7: Introduction to Legal Reasoning and Online Dispute Resolution
L8: Introducing the Big Questions in European and US Cybersecurity Law and Policy
L9: What are we protecting? [Intellectual Property]
L10: What can we do to protect it legally? [Contracts]
L11: What happens when things go wrong? [Torts]
L12: What are the fiduciary duties for managers to enhance cybersecurity? [Agency]
L13: How do we balance security and privacy?
L14: Cybersecurity Ethics/Corporate Social Responsibility Primer
L15: Analogizing Cybersecurity: Lessons from Sustainability
L16: Regulating Cybersecurity Across the Cyber Powers Part I (U.S.)
L17: Regulating Cybersecurity Across the Cyber Powers Part II (European Union, China, India, Russia, and Korea)
L18: Introduction to the Global Legal System
L19: Law of Cyber War and Peace
L20: Cybersecurity Hot Topics (e.g. critical infrastructure protection, Internet of Things, etc.)

Topics for seminar classes:
S1: Information security.
S2: Information security standard ISO 27001.
S3: Security policy.
S4: Organization of information security.
S5: Physical security.
S6: Classification and protection of information.
S7: Cryptography and its application.
S8: Management of information vulnerabilities.
S9: Management and escalation of problems/risks.
S10: IDS and IPS (Intrusion Detection System and Intrusion Protection System).
S11: Security of wireless networks.
S12: Information security tools.
S13: Computer forgery and computer fraud.
S14: Security strategies.
S15: PKI – Public Key Infrastructure.
S16: Quantitative and qualitative risk analysis.
S17: Perception of risks.
S18: Digital forensics.
S19: CERT (Computer Emergency Response Team).
S20: CSIRT (Computer Security Incident Response Team).

Literature

Scott J. Shackelford, Managing Cyber Attacks in International Law, Business and Relations: In Search of Cyber Peace (Cambridge University Press, 2014)

Supplementary literature

Cybersecurity and Cyber War: What Everyone Needs to Know (Oxford University Press)
Eric L.Richards and Scott J. Shackelford , Legal and Ethical Aspects of International Business (Aspen College Series, Wolters Kluwer Law and Business, 2014)
Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Michael N. Schmitt ed., 2017)