Social and Organizational Informatics of Security
L Jean Camp
Associate Professor of Informatics
Course Readings & Syllabus
ROOM CHANGE: Please Meet at Willkie Hall C109 on Monday at 11:15am
Overview
This class is divided into five major themes, with sessions organized
under those themes. The basic question is the relationship between
organizations, security and privacy.
As with the normal organizational informatics class, this course has
two intellectual pillars. The first pillar of the course is the
material provided in the readings, subject to quizzes in the classroom,
and discussed in the sections. The second pillar is the project.
The reading material and the lectures are selected by the professor and
AIs. The students are responsible for arriving with the reading
complete, and ready to participate. The students also provide the
content of the project.
Grading and Assignments
It is very easy to pass this class, because there are many
opportunities to earn credit. In a complementary vein, it is very
difficult to ace this class, because it requires an excellent project,
a very good presentation, and consistently arriving in class with the
reading complete.
I have office hours at least twice a week. I expect my AIs to have office hours as well.
| 30% |
class participation |
in class and on oncourse |
| 10% |
presentation |
due as scheduled |
| 60% |
Final project: |
|
| |
10% |
group formation |
due Jan. 24 |
| |
10% |
work plan and project definition |
due Feb. 19 |
| |
5% |
bibliography |
due Feb. 26 |
| |
5% |
revised work plan |
due March 24 |
| |
30% |
written project |
April 30 |
Course Themes
Organizational Informatics
The first major
theme is the nature of organizations. An organization can be perceived
as single monolithic rational entity; as a collection of competing
groups of stakeholders; as a collection of individuals each acting upon
their own aims; as a machine irrationally following process; or a
anthropological cultural entity. This is the same set of readings as in
Organizational Informatics, and will cover the first few weeks of the
course.
The Security Market
The second major theme is the security market. The security market is
far from monolithic. There are service offerings, custom code, NSA
approvals, and DRM. This section of the class will include the core
security vocabulary, and an understanding of how security goals can
conflict not only with organizational goals but also with each other.
Security Strategies
The third major theme is the use of security in markets. This section
will include discussions of DRM, the DMCA, and peer to peer systems as
strategies. The use of security in markets beyond traditional IT
markets will be a focus here, including printer and automotive markets.
Privacy and the Corporation
The fourth
section includes an examination of the role of privacy in the
marketplace. We look at legal constraints on re-use of information;
privacy as an issue in out-sourcing; privacy and security.
This examination will include both the personal and individual
perspectives on privacy.
Security and Open Systems
Open code includes both free software and open source. Open source
proponents and honey pots agree that open systems are less often
subject to intrusion. Is there an economic or organizational reason, or
is this strictly technical?
Crime of the Internet
Crime on the Internet includes all the traditional forms, and some
forms you have not yet heard of. Indeed, traveling around Bloomington
any person could, in two days, put together a botnet of hundreds of
hosts. This part of the course will look at some popular crime,
including 419 scams, phishing and denial of service. The course will
also look at emergent crimes; for example, distributed phishing and
wireless attacks.
Closing the Internet
The traditional carriers of information include the phone company and
the cable company.
Both of these companies have proven less than nimble in the competition
in making money from the network. Now the incumbent exchange carriers
aka phone companies) and the MSO's (aka cable companies) want to filter
internet content and charge. The experiences of various international
governments has shown that this is possible if there is significant
enforcement. What is the strategy behind this and other Internet
control initiatives?
Guest Speakers
Throughout the semester the
course will leverage the particular leadership of Indiana University.
Guest speakers will include those on the front line, who are protecting
IU and Internet2 from attacks; as well as researchers who are
developing innovative attacks. Additional possibilities guest speakers
include a forensics expert from the local FBI laboratory and corporate
security strategists. Guest speakers will be invited based in part on
student interest.
Course Goals
Each person who has completed
this class should leave with a set of skills, and a particular
knowledge base.
The skill set should both help in the near term (for the capstone or
any thesis requirement) and in the long term. The vocabulary and
knowledge base should ideally help throughout your career.
The core of this class is understanding security as a social
phenomena. Some constraints in security align with the law, and some
are effectively enforcers are extra-legal elements. Most of the papers
you read in this class will be by law professors and social theorists
However, they will not necessarily agree and when they do this does not
mean you have read the final word. What you should most understand is
how to think about security as social, organizational, and even legal
construct as well as a technology in and of itself.
The skill set that should come from this class includes professional
writing, with a particular focus on memo writing, and project planning.
In particular there are a set of deadlines. Each of these is one step
in long term project planning.
The embodiment of the project is a paper at the end of the semester.
However, the final embodiment of the project is only half the total
credit. Working consistently towards the final project, planning, and
developing a question together have equal value.
Another skill is memo-writing as a habit. After each week you will send
an email to a dedicated inbox. That email will be professional and
formal. All emails to AIs and to the professor will be professional.
The goal of this is to create a habit of writing professional emails,
and to hopefully through this habit prevent any future career-limiting
email blunders.
The Project
The project is intended to teach
basic practical skills in preparation for the workplace. Project memos
are expected to be printed and professional. The topic description
should be more than adequate. The work plan is expected to be detailed
and complete. If, for example, there is plagiarism in the project I
should be able to place responsibility for this misconduct via the work
plan. If there is an excellent section of an average project that is
excellent, I should be able to give credit based on the work plan.
In the near term this project is a short practice for the
capstone. The tasks in the class mirror those required for a thesis or
capstone because the capstone, any thesis requirement, and the project
in this course are intended as preparation for the workplace. Thus
there is as much emphasis on the preparation for the project as there
is on the project itself.