CS 52300: Social, Economic, And Legal Aspects Of Security - Department of Computer Science - Purdue University Skip to main content

CS 52300: Social, Economic, And Legal Aspects Of Security

Course Description:

This course focuses on social, legal, and economic aspects of information security and privacy, also including ethics, policies, and human behavioral issues.  The course covers the interactions between non-technological aspects of information security as well as relevant technological aspects. It focusses on how non-technological facets can inform and guide technological choices, and how technological choices can enhance or detract from the broader organizational and societal goals.

Week 1

Overview of course.

Cyber crime

  • Identity theft and identity fraud
  • organized crime and terrorism
  • Underground hacking economy
  • law enforcement and prosecution

Week 2

Personnel security and insider threat

  • Data theft; information traceability
  • Sabotage
  • Personnel security issues: vetting, training, certifications, clearances, conflict of interests, monitoring
  • detection, mitigation, and prevention

Week 3

Computer forensics

  • Procedures: search and seizure, handling of evidence
  • Admissibility in court and jurisdiction
  • Standards and key organizations: American Society of Crime Laboratory Directors (ASCLAD), etc.

Week 4

Incident responses

  • Data collection, handling, analysis, validity
  • Damage assessment; pre-incident preparation; monitoring, detection, reaction
  • Standards and key organizations: CERT/CC, FIRST, etc.

Week 5

Economics of information security

  • Quantifying business value of security, and of investments therein
  • Quantifying value of privacy and data
  • Role of incentives in attack and defense;
  • Role of uncertainty and risk aversion
  • Role of insurance in cyber security

Week 6

Security management

  • Analysis and planning; organization; supervision
  • Evaluation and evolution as circumstances change
  • Organizational security/privacy policies and their enforcement
  • Standards and key organizations: NIST’s Security Content Automation Protocol, COBIT framework, etc.

Week 7

Behavioral and usability issues in security and privacy

  • Human factors in security; attitudes towards privacy, security
  • Measurement (online surveys, monitoring); social engineering attacks
  • Motivations of attackers; effects of monitoring and traceability on behavior
  • Designing for ease of use

Week 8

Privacy: social, ethical and legal considerations

  • General vs domain-specific; monitoring for compliance; enforcement
  • International issues: US versus other countries such as EU
  • Relationships between technical and legal notions of privacy
  • Related laws: HIPPA, GLBA, COPPA, FERPA
  • Midterm exam

Week 9

Regulations and compliance

  • Electronic commerce; privacy; monitoring for compliance; enforcement
  • Contract issues, copyright, trademark, trade secret
  • Digital Rights Management (DRM)
  • Digital Millennium Copyright Act and the European Union's Copyright Directive
  • Related laws: Electronic Communications Privacy Act(ECPA), Computer Fraud and Abuse Act (CFAA), etc.

Week 10

Liability and its limits for intermediaries (mere conduit, caching, hosting)

  • Software liability and impact of software security
  • Data breach liability
  • Intermediary liability issues

Week 11

Cyber warfare and international issues

  • Cyber weapons
  • Cyber espionage
  • International laws and treaties

 Week 12

Risk management

  • Quantitative and qualitative risk assessment.
  • Exposure factors; controlling risk
  • Metrics and quantification and their limitations; risk reviews

Week 13

Ethical aspects of information security

  • Design for accessibility
  • Protection from harmful, inaccurate, or misleading content
  • Balance need for monitoring and surveillance and respect of personal privacy

Week 14

Emerging topics

Week 15

Reviews and case studies carried out by students.

Last Updated: Feb 15, 2019 3:18 PM

Department of Computer Science, 305 N. University Street, West Lafayette, IN 47907

Phone: (765) 494-6010 • Fax: (765) 494-0739

Copyright © 2024 Purdue University | An equal access/equal opportunity university | Copyright Complaints

Trouble with this page? Disability-related accessibility issue? Please contact the College of Science.