Bruce Schneier, Risks of Data Reuse, CRYPTO-GRAM, July 15, 2007, http://www.schneier.com/crypto-gram-0707.html.



Similar documents
The Information Security Problem

Computer Security Literacy

Module 5: Analytical Writing

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

CPSC 467: Cryptography and Computer Security

MODULES FOR TRAINING PROGRAMMES ON CYBER SECURITY

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

CONSUMER PRIVACY AND DATA PROTECTION

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Network Security in Building Networks

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Introduction to Cyber Security / Information Security

Course Outline Computing Science Department Faculty of Science. COMP Credits Computer Network Security (3,1,0) Fall 2015

Cisco RSA Announcement Update

The McAfee SECURE TM Standard

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Network Security Engineering: Introduction

Weighted Total Mark. Weighted Exam Mark

External Supplier Control Requirements

Network Security Essentials:

Spyware: Securing gateway and endpoint against data theft

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

INFORMATION PROTECTED

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Cybercrime in Canadian Criminal Law

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Information Security Law: Control of Digital Assets.

A Systems Engineering Approach to Developing Cyber Security Professionals

BE SAFE ONLINE: Lesson Plan

Top tips for improved network security

Network & Information Security Policy

Information Security. CS526 Topic 1

RUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology

Information Security Policy

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Information Security. Louis Morgan, CISSP Information Security Officer

Cybercrimes: A Multidisciplinary Analysis

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

CHAPTER 10: COMPUTER SECURITY AND RISKS

Network Security and the Small Business

US-CERT Overview & Cyber Threats

Ursuline College Accelerated Program URSULINE COLLEGE

How To Understand The History Of The Web (Web)

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Computer Scene Technical Ltd ("We") are committed to providing the best service and protecting & respecting all our customers.

Title of Course: Cyberlaw New Course: 10/25/02

Sample Employee Network and Internet Usage and Monitoring Policy

DATA PROTECTION LAWS OF THE WORLD. India

Computer Security (EDA263 / DIT 641)

Information Security Basics: Starting a Security Awareness Program at your Station. Seton R. Droppers, CISSP PBS

EECS 588: Computer and Network Security. Introduction January 14, 2014

NETWORK MANAGEMENT DISCLOSURE

Emerging Security Technological Threats

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

OCR LEVEL 3 CAMBRIDGE TECHNICAL

MS Information Security (MSIS)

Principles of ICT Systems and Data Security

white paper Malware Security and the Bottom Line

Information, Network & Cyber Security

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Data Center Security in a World Without Perimeters

The Impact of Cybercrime on Business

Achieve more with less

Service Schedule for Business Lite powered by Microsoft Office 365

CEH Version8 Course Outline

INTERNET ACCEPTABLE USE POLICY

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Content Teaching Academy at James Madison University

Zurich Security And Privacy Protection Policy Application

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

The Protection Mission a constant endeavor

COMPUTER-INTERNET SECURITY. How am I vulnerable?

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Stopping zombies, botnets and other - and web-borne threats

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

EECS 588: Computer and Network Security. Introduction

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

An Investigation into the Human/Computer Interface from a Security Perspective. Daniel J. Cross. A Proposal Submitted to the Honors Council

COSC 472 Network Security

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

Designing federated identity management architectures for addressing the recent attacks against online financial transactions.

How are we keeping Hackers away from our UCD networks and computer systems?

Before. The House Committee on Small Business Subcommittee on Regulatory Reform and Oversight. March 16, 2006

Jort Kollerie SonicWALL

CPSC 467b: Cryptography and Computer Security

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

30 Independent Study. 60 (e.g. lectures, seminars and supervised group activity)

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Tutorial Letter Semester 1/2016 FEEDBACK TUTORIAL LETTER, ACCOUNTING INFORMATION SYSTEMS (AIS822S) Assignment 1 Solutions and Comments.

Transcription:

Computer and Network Privacy and Security: Ethical, Legal, and Technical Considerations: Syllabus History will record what we, here in the early decades of the information age, did to foster freedom, liberty, and democracy. Did we build information technologies that protected people s freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control? Bruce Schneier, Risks of Data Reuse, CRYPTO-GRAM, July 15, 2007, http://www.schneier.com/crypto-gram-0707.html. Protecting privacy and ensuring security requires watch and control technology. How much should we build and how should we use it? We should answer this question in a way fully informed by our fundamental values. Unfortunately, this is not happening. The economic concerns of businesses not our values are driving a rapid and extensive development of watch and control technology. Unless otherwise indicated, all readings are available on the course websites. For the Chicago-Kent website go to www.kentlaw.edu/classes, click on Richard Warner, click on Privacy and Security. Assignments: (1) Setting up PGP encryption; (2) short comment on user and privacy policies; (3) final paper. I. INTRODUCTION TO AMERICAN LAW (for non-law students) Tutorials (go to www.kentlaw.edu/classes, click on Richard Warner, click on Introduction to American law. ) Aalberts et al., Trespass, Nuisance, and Spam: 11 th Century Common Law Meets the Internet Warner, Adjudication (recommended) II. WHY PRIVACY MATTERS A. Privacy Values and Interests Asimov, The Dead Past (Xerox) Kang, Information Privacy in Cyberspace Transaction (selections) 1. Privacy values: Spatial, decisional, informational a. Relations among these interests

Warner, Surveillance and the Self (selections) Warner, Why Privacy Matters (selections) 2 The Common Knowledge Background 3. Privacy and the Self B. Information and Market Efficiency Charles E. Lindblom, THE MARKET SYSTEM: WHAT IT IS, HOW IT WORKS, AND WHAT TO MAKE OF IT (recommended only--book available on Amazon). 1. Targeted Advertising Don Peppers & Martha Rogers, THE ONE TO ONE FUTURE: BUILDING RELATIONSHIPS ONE CUSTOMER AT A TIME 138 (1st Currency paperback ed. 1996) (recommended only--book available ). 2. Price Discrimination Varian, Price Discrimination C. Privacy Norms Daniel Solove, A Taxonomy of Privacy Ann Bartow, A Feeling of Unease about Privacy Law Warner, Norms 1. The common law privacy torts Dwyer v. American Express Topheavy Studios, Inc. v. Jane Doe (recommended) Remsberg v. Docusearch, Inc. (recommended) Michaels v. Internet Entertainment Group, Inc., et al (recommended) III. PRIMER ON THE INTERNET Warner, Introduction Solomon and Chapple, INFORMATION SECURITY ILLUMINATED, Chapter 6.1

A. Structure of the Internet B. Intelligent Versus Dumb Networks C. The End-To-End Principle D. Openness and Its Costs 1. Non-Proprietary Protocols 2. No Gatekeeper 3. Implied-permission access IV. PRIVACY: WHAT TECHNOLOGY HAS CHANGED A. Increased Powers of Surveillance, Aggregation, and Analysis Odlyzko, Privacy and the Clandestine Development of E-Commerce Odlyzko, Privacy, Economics, and Price Discrimination on the Internet Levinson and Odlyzko, Too Expensive to Meter Privacy International, A Race to the Bottom: Privacy Ranking of Internet Service Companies Privacy International, 2007 Privacy Rankings Warner, Surveillance and the Self (selections) Warner, Why Privacy Matters (selections) B. Prospects for Privacy Norms V. GENERAL INTRODUCTION TO INFORMATION SECURITY Anderson, SECURITY ENGINEERING, Chapters 1, 22.1 22.2, and 22.5 (Chapters may be downloaded from http://www.cl.cam.ac.uk/~rja14/book.html or hard copy book can be purchased) Solomon and Chapple, INFORMATION SECURITY ILLUMINATED, Chapters 1, 2.1, 3, 7.9 (hard copy)

A. Foundations of Information Security 1. Security goals: the confidentiality, integrity, availability triad 2. Security standards and policies 3. Security mindset 4. Defense in depth 5. Brief overview of threats 6. Security versus usability, time, and/or money tradeoffs A. Very Brief Overview of Risk Assessment VI. THE ECONOMICS OF INFORMATION SECURITY A. Information Security as a Negative Externality Anderson, The Economics of Information Security B. The Lemons Market in Security Products Bruce Schneier, A Security Market for Lemons, http://www.schneier.com/crypto-gram-0705.html C. Prevention or Response? 1. Prevention technologies 2. Response and remediation D. Market Solutions 1. Information markets Sunstein, INFOTOPIA: HOW MANY MINDS PRODUCE KNOWLEDGE (selections) A. Insurance Kalinich, Network Risk Insurance: A Layman s Overview AIG on network risk insurance, http://www.aigexecutiveliability.com/executiveliability/productdetail/0,2128, 448-13-2995,00.html

E. Legal Solutions A. The need for norms VII. SOFTWARE A. Why Software Vulnerabilities Are Inevitable Anderson, Chapter 22.3. 1. Technological reasons 2. Economic reasons B. The Problem of A Single Dominant Operating System C. A Role for Open Source Software D. Legal Responses 1. Industry standards In re America Online Inc. Version 5.0 Software Litigation Kaczmarek v. Microsoft Corp. (recommended) In re Sony BMG DD Technologies Litigation (recommended) 2. The large grey area E. Market responses Sunstein, INFOTOPIA: HOW MANY MINDS PRODUCE KNOWLEDGE (selections) idefense http://labs.idefense.com. F. End User License Agreements Lemley, Terms of Use ProCd v. Zeidenberg Klocek v. Gateway VIII. INFORMATION SECURITY TECHNOLOGY A. Technology

1. Protocols Anderson, Chapter 2, omitting 2.7 2. Authentication and Passwords Solomon and Chapple, Sections 2.6, 2.8, and 10.6 Anderson, Chapter 3 3. Cryptography and Digital Systems Solmon and Chapple, Chapter 5 Anderson, Chapter 5.1 5.3 4. Access Control Solmon and Chapple, Chapter 10.5 10.6 Anderson, Chapter 4, skipping 4.3 B. Legal responses 1. Negligence liability Guin v. Bazos Forbes v. Wells Fargo Bank Banknorth v. BJ's Wholesale Club Sovereign Bank v. BJ's Wholesale Club 2. Disclosure statutes California Civil Code Section 1798.82 Federal Trade Commission Identity Theft Survey Report XI. MALWARE, SPYWARE, ADWARE A. Viruses, Worms, and Trojans 1. Legal responses United States v. Morris Entry of Verizon-Maine into the InterLATA Telephone Market 2. Market responses B. Spyware and Adware 1. Legal responses

Tom Hughes, How Well Do You Know Your Internet Marketing Partners? In the Matter of Direct Revenue 2. Market Reponses X. DENIAL OF SERVICE AND NETWORK ATTACKS A. Network Infrastructure including security Solmon and Chapple, Chapter 6.2 6.5 Anderson, Chapter 6.2 B. Botnets C. Network Attacks, Technological Defense Measures Solomon and Chapple, Chapters 7.8 71., 11.1 11.3, and 12 Anderson, Chapter 18 1. Spyware programs 2. Firewalls Solomon and Chapple, Chapter 8 3. Network intrusion detection Solomon and Chapple, Chapter 13 C. Market Responses D. Legal Responses XI. E-MAIL (if time allows) A. What Is Spam? CAN SPAM Act B. Who Should Attempt to Regulate Spam? Media3 Technologies, LLC v. Mail Abuse Prevention System Hall v. Earthlink Network, Inc.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information