I330: Legal and Social Aspects of Security
INFO-I 400 / 590
Tuesday Thursday 4:00pm - 5:15pm
Info West 107
This course examines the set of ethical and legal problems most tightly bound to the issues of information control. The interactions and technology change, but the core issues have remained: privacy, intellectual property, Internet law, concepts of jurisdiction, speech anonymity versus accountability, and ethical decision making in the network environment.
Instructor: Prof. Kami Vaniea
Info West 301
Office Hours: Tuesday 2-3pm
Assistant Instructor: Gianpaolo Russo
- 13/15 January
Discussion: Introduction to class and email security
Read for class: No reading for this week
- 20/22 January
Discussion: Web tracking
- 27/29 January
Discussion: Intro to Legal Aspects of Security
- 3/5 February
Discussion: Policy and Regulation
- 10/12 February
Discussion: Data Brokers
- 17/19 February
Discussion: Threat Modeling
- 24/26 February
Discussion: Psychology of Security
Grades will be given out as follows:
| Labs and Quizzes | 20% |
Readings and Quizzes
Students will be assigned readings every week which they are expected to do before class. These readings come from a variety of sources and will be provided via Canvas. There is no assigned book for this course. Quizzes will be administered each Tuesday to ensure students have been reading the material.
Labs
There are two lab sections to the course; you must be signed up for one of them. Labs will involve hands-on activities designed to help you better understand the material. Labs are due at the beginning of class Tuesday.
The class project is a term paper where you will be analysing a public security breach from three angles: technical, legal, and social. The goal is to get an in-depth understanding of what a single security breach looks like, what causes it, and how the ramifications of the breach play out. There will be four milestones:
Summarize the breach
Pick a breach that you think is interesting and provide a high-level summation of what happened. The goal of this milestone is to give the Professor and the AI a chance to comment on your choice and provide feedback.
Provide a technical analysis of what happened. Describe the whole attack at a high level. Select one technical aspect of the attack and describe the attacked technical component in detail. For example, in the attack on Target, ActiveX is a likely way the attacker gained access, so you might provide a detailed description of what ActiveX is, how it relates to security, and how it might have played a role in this attack.
Provide an analysis of the legal, policy, and regulatory impact of the breach. Provide summaries of the legal cases brought against the company, any regulations involved, what agencies investigated, and any industry certifications that the breach put in jeopardy. Select one of these and describe it in depth.
Provide an analysis of the human component of the breach. Most breaches have a human component somewhere. Even if no end user was involved, system administrators are people too and cannot do everything at once. What organizational pressures or social limitations might have resulted in this breach? Unfortunately, human factors of security are rarely published in breach analysis.