International Law, Cybersecurity and Privacy

International Law, Cybersecurity and Privacy

  • Class 40
  • Practice 0
  • Independent work 110
Total 150

Course title

International Law, Cybersecurity and Privacy

Lecture type




Lecturers and Associates

The course aims

This course is designed to introduce students to the cross-disciplinary field of international law, cybersecurity and privacy management, with a special emphasis on comparative commercial, intellectual property and information security legal standards and policy. Students will in particular focus on three interrelated areas of cybersecurity risk management: management policies, technology, and legal/ethical issues put in a global context. Students will also acquire basic knowledge within the broader perspective of information risk and security, including: what is the best we can hope for in terms of ‘cybersecurity’ and why is it important, how does it relate to privacy and ethical considerations, how are cybersecurity governance trends converging and diverging around the world, and what are the various ways in which the private and public sectors can more effectively mitigate cyber risk. The latter topic may be broken down into discussions of vulnerabilities, governance best practices, and contingency planning.


Lecture topics:
L1: Introduction to the international law
L2: Laws and regulations enacted in Croatia, EU and USA
L3: Internet Governance and Dimensions of Cyber Conflict
L4: Selecting Research Topics and Launching Capstone Project
L5: Introducing the Three Dimensions of Cybersecurity Risk Management
L6: Cybersecurity Trends and Opportunities
L7: Introduction to Legal Reasoning and Online Dispute Resolution
L8: Introducing the Big Questions in European and US Cybersecurity Law and Policy
L9: What are we protecting? [Intellectual Property]
L10: What can we do to protect it legally? [Contracts]
L11: What happens when things go wrong? [Torts]
L12: What are the fiduciary duties for managers to enhance cybersecurity? [Agency]
L13: How do we balance security and privacy?
L14: Cybersecurity Ethics/Corporate Social Responsibility Primer
L15: Analogizing Cybersecurity: Lessons from Sustainability
L16: Regulating Cybersecurity Across the Cyber Powers Part I (U.S.)
L17: Regulating Cybersecurity Across the Cyber Powers Part II (European Union, China, India, Russia, and Korea)
L18: Introduction to the Global Legal System
L19: Law of Cyber War and Peace
L20: Cybersecurity Hot Topics (e.g. critical infrastructure protection, Internet of Things, etc.)

Topics for seminar classes:
S1: Information security.
S2: Information security standard ISO 27001.
S3: Security policy.
S4: Organization of information security.
S5: Physical security.
S6: Classification and protection of information.
S7: Cryptography and its application.
S8: Management of information vulnerabilities.
S9: Management and escalation of problems/risks.
S10: IDS and IPS (Intrusion Detection System and Intrusion Protection System).
S11: Security of wireless networks.
S12: Information security tools.
S13: Computer forgery and computer fraud.
S14: Security strategies.
S15: PKI – Public Key Infrastructure.
S16: Quantitative and qualitative risk analysis.
S17: Perception of risks.
S18: Digital forensics.
S19: CERT (Computer Emergency Response Team).
S20: CSIRT (Computer Security Incident Response Team).


Scott J. Shackelford, Managing Cyber Attacks in International Law, Business and Relations: In Search of Cyber Peace (Cambridge University Press, 2014)

Supplementary literature

Cybersecurity and Cyber War: What Everyone Needs to Know (Oxford University Press)
Eric L.Richards and Scott J. Shackelford , Legal and Ethical Aspects of International Business (Aspen College Series, Wolters Kluwer Law and Business, 2014)
Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Michael N. Schmitt ed., 2017)

Minimum learning outcomes

  • Identify the processes by which international laws are made, amended, interpreted, and most importantly applied across the major cyber powers with a special emphasis on the European Union and the United States.
  • Compare regulation of international commercial relations, intellectual property and business decision-making frameworks.
  • Evaluate legal, ethical, and business implications of cybersecurity and privacy decisions.
  • Identify the information risks in a given transaction or project.
  • Distinguish different theories of cybersecurity ethics, norms, and corporate social responsibility doctrines in different contexts.

Preferred learning outcomes

  • Critically interpret the process through which cybersecurity laws and policies are made, changed, interpreted, and applied and how legal disputes get resolved between actors, in the European Union but put in a global context.
  • Critically interpret basic concepts and roles for international commercial relations, intellectual property and business decision-making management.
  • Compare and critically interpret methods and analysis of legal, ethical, business and privacy incidents.
  • Evaluate the information risks and opportunities, and recommend a response plan for a complex project.
  • Critically assess different theories of cybersecurity ethics, norms, and corporate social responsibility doctrines in different contexts.