I330 Social and Organizational Informatics of Security Prospectus



Organizational Informatics of Security

L Jean Camp
Scheduled for Spring 2008
BH 242
Monday and Wednesday 11:15A-12:30P

Office Hours
Informatics Building 200
Mondays 3-5pm
Wednesdays 2-4pm

Full Syllabus with Detailed Readings

Grading Guidelines

16% class participation, in class and on Oncourse
14% weekly essays due every Friday
10% presentation due as scheduled
60% Final project:  
  10% group formation due the third week
  5% bibliography due fourth week
  10% work plan and project definition due the sixth week
  5% revised work plan and outline due eighth week
  30% written project due exam period



The Assignments
The project is intended to teach basic practical skills in preparation for the workplace. Memos are expected to be printed and professional. The work plan is expected to be detailed and complete. If, for example, there is plagiarism in the project, I should be able to place responsibility for this misconduct via the work plan. If there is a section of an average project that is excellent, I should be able to give credit based on the work plan.


In the near term this project is a short practice for the capstone. The tasks in the class mirror the capstone because the capstone and the project are intended to prepare you for the workplace. Thus there is as much emphasis on the preparation for the project (30 pts) as there is on the project itself (30 pts).

This class is divided into five major themes, with sessions organized under those themes.


The course has two intellectual pillars. The first pillar of the course is the material provided in the readings, subject to quizzes in the classroom, and discussed in the sections. The second pillar is the project. The material in the classroom is selected by the professor and assistants. You bring the material for the project to the table.

Course Themes

What is an Organization

The first major theme is the nature of organizations. An organization can be perceived as a single monolithic rational entity; as a collection of competing groups of stakeholders; as a collection of individuals each acting upon their own aims; as a machine irrationally following process; or as an anthropological cultural entity. Each of these views of organizations has implications for the implementation of security technologies. Technologies can be used to form groups, to exclude others, to centralize control or to push responsibility down the organizational chart.

The Security Market

The second major theme is the security market. The security market is far from monolithic. There are service offerings, custom code, NSA approvals, and DRM. This section of the class will include the core security vocabulary, and an understanding of how security goals can conflict not only with organizational goals but also with each other.

This major theme includes the use of security in other IT markets. This section will include discussions of DRM, the DMCA, and peer-to-peer systems as strategies. The use of security in markets beyond traditional IT markets will be a focus here, including printer, operating system, banking, and automotive markets.

Privacy and the Corporation

The third section includes an examination of the role of privacy in the marketplace. We look at legal constraints on re-use of information; privacy as an issue in out-sourcing; privacy and security. This examination will include both the personal and individual perspectives on privacy.

Security and Open Systems

Open code includes both free software and open source. Open source proponents and honey pots agree that open systems are less often subject to intrusion. Is there an economic or organizational reason, or is this strictly technical?

Crime of the Internet

Crime on the Internet includes all the traditional forms, and some forms you have not yet heard of. Indeed, traveling around Bloomington any person could, in two days, put together a botnet of hundreds of hosts. This part of the course will look at some popular crime, including 419 scams, phishing and denial of service. The course will also look at emergent crimes; for example, distributed phishing and wireless attacks.

Closing the Internet

The traditional carriers of information include the phone company and the cable company. Both of these companies have proved less than nimble in the competition in making money from the network. Now the incumbent exchange carriers (aka phone companies) and the MSOs (aka cable companies) want to filter Internet content and charge. The experiences of various international governments have shown that this is possible if there is significant enforcement. What is the strategy behind this and other Internet control initiatives?

Guest Speakers

Throughout the semester the course will leverage the particular leadership of Indiana University. Guest speakers will include those on the front line, who are protecting IU and Internet2 from attacks, as well as researchers who are developing innovative attacks. Additional possible guest speakers include a forensics expert from the local FBI laboratory and corporate security strategists. Guest speakers will be invited based in part on student interest.

Course Goals
Each person who has completed this class should leave with a set of skills, and a particular knowledge base. The skill set should both help in the near term (for the capstone or any thesis requirement) and in the long term. The vocabulary and knowledge base should ideally help throughout your career.

The core of this class is understanding security as an economic and organizational phenomenon. In the marketplace, security is simply another tool in the competition for profit. To the extent that security is leveraged effectively, products can gain and maintain dominance. To the extent that it is misused, firms can lose customers, market share, and force regulation of the market. Some constraints in security align with the law, and some are effectively enforcers are extra-legal elements. Some of the papers you read in this class will be by law professors, economists, and social theorists. One of the things you will learn in this class is how to read legal and economic papers. For example, even a reasoned argument in a well-respected legal journal written by a senior scholar does not define the law. The cases and judges define the law.

The skill set that should come from this class includes professional writing, with a particular focus on memo writing, and project planning. In particular there is a set of deadlines. Each of these is one step in long-term project planning. The embodiment of the project is a paper at the end of the semester. However, the final embodiment of the project is only half the total credit. Working consistently towards the final project, planning, and developing a question together have equal value.

Another skill is memo-writing as a habit. After each week you will send an email to a dedicated inbox. That email will be professional and formal. All emails to AIs and to the professor will be professional. The goal of this is to create a habit of writing professional emails and, hopefully, through this habit to prevent any future career-limiting email blunders.