Social and Organizational Informatics of Security

L Jean Camp
Associate Professor of Informatics

Course Readings & Syllabus

ROOM CHANGE: Please Meet at Willkie Hall C109 on Monday at 11:15am


This class is divided into five major themes, with sessions organized under those themes. The basic question is the relationship between organizations, security and privacy.
As with the normal organizational informatics class, this course has two intellectual pillars. The first pillar of the course is the material provided in the readings, subject to quizzes in the classroom, and discussed in the sections. The second pillar is the project.
The reading material and the lectures are selected by the professor and AIs. The students are responsible for arriving with the reading complete, and ready to participate. The students also provide the content of the project.
Grading and Assignments
It is very easy to pass this class, because there are many opportunities to earn credit. In a complementary vein, it is very difficult to ace this class, because it requires an excellent project, a very good presentation, and consistently arriving in class with the reading complete.

I have office hours at least twice a week. I expect my AIs to have office hours as well.

30% class participation in class and on oncourse
10% presentation due as scheduled
60% Final project:  
  10% group formation due Jan. 24
  10% work plan and project definition due Feb. 19
  5% bibliography due Feb. 26
  5% revised work plan due March 24
  30% written project April 30


Course Themes

Organizational Informatics

The first major theme is the nature of organizations. An organization can be perceived as single monolithic rational entity; as a collection of competing groups of stakeholders; as a collection of individuals each acting upon their own aims; as a machine irrationally following process; or a anthropological cultural entity. This is the same set of readings as in Organizational Informatics, and will cover the first few weeks of the course.

The Security Market

The second major theme is the security market. The security market is far from monolithic. There are service offerings, custom code, NSA approvals, and DRM. This section of the class will include the core security vocabulary, and an understanding of how security goals can conflict not only with organizational goals but also with each other.

Security Strategies

The third major theme is the use of security in markets. This section will include discussions of DRM, the DMCA, and peer to peer systems as strategies. The use of security in markets beyond traditional IT markets will be a focus here, including printer and automotive markets.

Privacy and the Corporation

The fourth section includes an examination of the role of privacy in the marketplace. We look at legal constraints on re-use of information; privacy as an issue in out-sourcing; privacy and security. This examination will include both the personal and individual perspectives on privacy.

Security and Open Systems

Open code includes both free software and open source. Open source proponents and honey pots agree that open systems are less often subject to intrusion. Is there an economic or organizational reason, or is this strictly technical?

Crime of the Internet

Crime on the Internet includes all the traditional forms, and some forms you have not yet heard of. Indeed, traveling around Bloomington any person could, in two days, put together a botnet of hundreds of hosts. This part of the course will look at some popular crime, including 419 scams, phishing and denial of service. The course will also look at emergent crimes; for example, distributed phishing and wireless attacks.

Closing the Internet

The traditional carriers of information include the phone company and the cable company. Both of these companies have proven less than nimble in the competition in making money from the network. Now the incumbent exchange carriers aka phone companies) and the MSO's (aka cable companies) want to filter internet content and charge. The experiences of various international governments has shown that this is possible if there is significant enforcement. What is the strategy behind this and other Internet control initiatives?

Guest Speakers

Throughout the semester the course will leverage the particular leadership of Indiana University. Guest speakers will include those on the front line, who are protecting IU and Internet2 from attacks; as well as researchers who are developing innovative attacks. Additional possibilities guest speakers include a forensics expert from the local FBI laboratory and corporate security strategists. Guest speakers will be invited based in part on student interest.

Course Goals
Each person who has completed this class should leave with a set of skills, and a particular knowledge base. The skill set should both help in the near term (for the capstone or any thesis requirement) and in the long term. The vocabulary and knowledge base should ideally help throughout your career.

The core of this class is understanding security as a social phenomena. Some constraints in security align with the law, and some are effectively enforcers are extra-legal elements. Most of the papers you read in this class will be by law professors and social theorists However, they will not necessarily agree and when they do this does not mean you have read the final word. What you should most understand is how to think about security as social, organizational, and even legal construct as well as a technology in and of itself.

The skill set that should come from this class includes professional writing, with a particular focus on memo writing, and project planning. In particular there are a set of deadlines. Each of these is one step in long term project planning. The embodiment of the project is a paper at the end of the semester. However, the final embodiment of the project is only half the total credit. Working consistently towards the final project, planning, and developing a question together have equal value.

Another skill is memo-writing as a habit. After each week you will send an email to a dedicated inbox. That email will be professional and formal. All emails to AIs and to the professor will be professional. The goal of this is to create a habit of writing professional emails, and to hopefully through this habit prevent any future career-limiting email blunders.

The Project
The project is intended to teach basic practical skills in preparation for the workplace. Project memos are expected to be printed and professional. The topic description should be more than adequate. The work plan is expected to be detailed and complete. If, for example, there is plagiarism in the project I should be able to place responsibility for this misconduct via the work plan. If there is an excellent section of an average project that is excellent, I should be able to give credit based on the work plan.

In the near term this project is a short practice for the capstone. The tasks in the class mirror those required for a thesis or capstone because the capstone, any thesis requirement, and the project in this course are intended as preparation for the workplace. Thus there is as much emphasis on the preparation for the project as there is on the project itself.