I330: Legal and Organizational Security Informatics
Readings and schedule for Organizational Informatics for Spring 2006.
11:15 - 12:05 pm Monday and Wednesday in OP 107
Professor Jean Camp
The Course in a Nutshell
January 12
Introduction and course overview
Today we handle who, when, and why. We will introduce ourselves. I will
define course policies. I will provide information about the project,
about grade distribution, etc.
This course is about ICTs, organizations and the role of security in organizations. The course has three primary elements.
First, the readings and lectures where the minimum critical topics
for literacy in organizations and information security are introduced. The readings
and lectures will focus primarily on theory, particularly looking at
organizations through the lens of economics.
Second, the discussion section. There will be some readings
during the discussion section, primarily those that apply to the
practical training part of the course.
Third, the three examinations in the course. The first is on
organizational theory. The second is on economics of information. The
third is on organizational and economic aspects of
organizations. There is no comprehensive final.
Introduction to Organizations
An organization can be considered a
single entity, a collection of competing subsets, a group of
self-optimizing individuals, a machine following a process, or a
cultural entity. In the first section of this course we will examine
each of those models.
For three of the models the reading will be Essence of Decision.
This book is about the interaction of nation states rather than the
interactions of businesses. However, in terms of the descriptions of
three of these models there is no other reading that is short but
informative. There are more tedious readings, and readings made terse
by assumptions of the education of the reader. Therefore, the classic
by Allison will be used to discuss the issues. I will provide a very
short introduction to rational choices, and then examine the limits of
rationality. We return to the limits of rationality topic in Economics
and Uncertainty.
What are Organizations
Jan 14: Org Theory.
Organizational Models?
Questions to consider during reading
What are organizations: individual rational actors, collections of groups or
stakeholders, and as groups of political individuals with their own
visions and power struggles. Shafritz offers a larger view. What is an
organization? To what organizations do you belong? If you were to
design a web site for two organizations to which you belong what
would be public, and what private? How much would identity management
matter at a fraternity web site versus a departmental one? How would
privacy concerns differ?
Readings
Classics of Organization Theory, (6th Edition) by Jay M. Shafritz, Steven Ott, and Yong
Suk Jang; pp 1- 26.
Jan 19: Org Theory.
Rev. Dr. Martin Luther King Jr. Day
Until 1964, single rational organizations seeking employees listed them in four
categories: white man wanted, black man wanted, white woman wanted and
black woman wanted. Listing by race was prohibited by the 1964 Civil
Rights Act. By 1971, listing jobs by gender was judged to be
prohibited as well. Here is one
job listing. Notice in the first that typing was a female
task, and notice that Bell was hiring women as Telephone Operators
here in the next page. At this time programming was considered
typing which was, as you
can see from the other job listings, undeniably Women's Work.
Jan. 21: Org Theory.
Organizations as Single Rational Beings
Questions to consider during reading
There are three models of
organizations: individual rational actors, collections of groups or
stakeholders, and as groups of political individuals with their own
visions and power struggles.
Readings
Allison, "Essence of Decision", The Rational Actor, pp. 13-26.
Tversky and Kahneman, "Rational Choice and the Framing of Decisions" in Rational Choice, Hogarth and Reder, eds., pp. 67-94.
Jan. 26: Org Theory.
Organizations as Compilation of Stakeholders
Questions to consider during reading
Organizations are not
always entirely rational. Ironically, the rational organization
understands itself as being created by a group of components, and tries
to construct mechanisms to create effective interactions between the
components. Understanding the components of the organization can
prevent the creation of perverse incentives.
Reading
Allison, Essence of Decision, Model II: Organizational Behavior, pp. 143-160.
Jan 28: Org Theory.
Organizations as Cultures
Questions to consider during reading
Americans spend most of
their waking hours at work. Workplaces are not neutral or free from
emotion. Workplaces have their own cultures, some of which are
successfully cultured by management.
Readings
Ullman, Ellen. (1997) Close to the Machine, pp 17-27;95-121
Recommended Additional Reading
Van Maanen, J. (1991) "The
Smile Factory: Work at Disneyland." In Frost, P.J., L.E. Moore, M.R.
Louis, C.C. Lundberg and J. Martin (eds.): Reframing Organizational
Culture.
Feb. 2: Org Theory.
Organizations as Machines
Questions to consider during reading
Have you experienced an organization as process response to a problem?
Readings
Morgan, Gareth (1997) "Ch. 6: Organizations as Machines" in Images of Organization. London: Sage.
Feb. 4: Org Theory.
Organizational Impact
Questions to consider during reading
Why is IT important in an organization? Are ICTs inherently valuable?
If not, how do ICTs illustrate their value? Unlike classic
organization theory classes, this one examines organizations and their
interaction with ICTs.
Reading
John Mendonca, Organizational Impact, The Internet Encyclopedia ed. Hossein Bidgoli, John Wiley & Sons (Hoboken, New Jersey) 2003. Vol. 2, pp 832 - end.
Optional Reading
Carr, Nicholas G., "IT Doesn't Matter", Harvard Business Review, May 2003.
Feb 9: Org Theory.
Organizational Models: Business and Government,
Not Opposites
Questions to consider during reading
From where do organizations come? Is it just the cooperation of many
people? Economic forces? Group psychology? Indeed, business and
government are presented in media and academy as distinct and clear
opposites. Yet in fact their interaction is quite deep and profound.
Government plays a critical role in creating markets.
Readings
Deborah Spar, Ruling the Waves, pp. 1-22, pp. 124-289
Feb. 11: Org Theory.
A Case Study of Business,
Government and Technology: DNS
Questions to consider during reading
What is the profit in the selling of domain names? What is the cost?
Were the concerns of these authors valid? Which ones have come to
pass, and which ones have not?
Reading:
Fool Me Once, Shame on You, A Critical Look at the Privatization of ICANN
Michael Froomkin's discussion of power concentration, The Empire Strikes Back, and in particular how ICANN is a part of this trend, in Of Governance and Governments
Optional Reading:
Hatch, Mary Jo & Cunliffe, Ann, Organization Theory: Modern,
Symbolic and Postmodern Perspectives, Oxford: Oxford University
Press, 2006, Ch 4.
Feb 16: Info Econ.
Digital is Different
Questions to consider during reading
Fundamental assumptions underlie market economics. How does digital challenge those assumptions?
Readings
Delong and Froomkin (1997) "The Next Economy?" Internet Publishing
and Beyond: The Economics of Digital Information and Intellectual
Property. Edited by B Kahin and H Varian. Cambridge, MA MIT Press.
http://www.law.miami.edu/~froomkin/articles/newecon.htm
Feb 18: Info Econ.
Games Companies Play
Questions to consider during reading
What happens when an organization is broken? How do the people that make up organizations choose to function or fail to function in an organization?
Readings
R. Hirschman, Exit, Voice, and Loyalty. Chapters 1, 2, 3, and 8 (pp. 1-20, 21-29, 30-43, 106-119)
Feb. 23: Org Theory Test.
Test
Feb 25: Info Econ.
Interconnection and Network Effects
Questions to consider during reading
Feedback is a critical concept in the economics of networks and in network-based competition.
Reading
Noam, Interconnecting the Network of Networks, MIT Press, 2001. pp. 1-25, 54-68
Optional Reading
The Economics of Networks, by Nicholas
Economides, International Journal of Industrial Organization, Vol. 16,
no. 4, pp. 673-699 (October 1996). Available on-line
Mar 2: Info Econ.
Lock-in and feedback
Questions to consider during reading
Network economics implies feedback. Feedback can cause lock-in. How easy will it be for you to get a new email? A new phone?
Readings
W. B. Arthur, "Competing
Technologies, Increasing returns and Lock-in by Historical Events", The
Economic Journal, Vol 99, Issue 394, pp. 116-131
P. A. David, "Clio and the Economics of Qwerty", The American
Economic Review, Vol 75, Issue 2, Papers and Proceedings of the 97th
Annual Review of the American Economic Association, May 1985, pp.
332-337.
Mar 4: Info Econ.
Versioning
Questions to consider during reading
What is versioning? How does digital change versioning?
MLS listings on-line http://www.realtor.com and http://www.targetmls.com/
Amazon.com and www.barnes and noble.com and www.reiters.com
Readings
Information Rules, Shapiro, Carl & Varian, Hal, Harvard Business School Press
(Boston, MA), c1999, pages 53-81
Mar 9: Info Econ.
Information Market Basics
Questions to consider during reading
How is content presentation different on the network? Why were they wrong? Why has there not been per-use
pricing? And is the application to network neutrality immediately
obvious to you?
Readings
Kalakota & Whinston, "Electronic Commerce", pp. 251-282. Addison Wesley (Boston, MA)
Optional Readings
Gupta, Stahl & Whinston, Pricing of Services on the Internet http://cism.bus.utexas.edu/alok/pricing.html
Mar 11: Info Econ.
Intermediation
Questions to consider during reading
What is disintermediation?
Re-intermediation? How does a bookstore inherently bring together
certain business lines by virtue of physical location? Think about your
favorite sites or consider these sites:
The Hunger Site -- http://www.thehungersite.com -- could this work off line?
Readings
Laudon & Traver, "E-commerce" second edition. pp. 136 - 162 pages 28-33
Whinston & Kalakota, "Electronic Commerce" pp. 21 - 23
Mar 16 - 19
Spring Break
Mar. 23: Info Econ.
NPV and Options
Questions to consider during reading
Net present value and options theory are different ways of looking at
the same situation. When is one preferable? In class we will discuss
how security can be an investment, with NPV, or an option.
Readings
Luehrman, "What's It Worth?: A General Manager's Guide to Valuation" HBR May - June pp. 133-141
Mar. 25: Info Econ.
Resource Economics
Questions to consider during reading
Economics is the science of scarcity (thus the dismal science).
Readings
Solow, "The Economics of Resources or the Resources of Economics" American Economic Review, May 1974, pp. 1-14.
Mar 30: Info Econ.
Case Study of Resource Economics
Questions to consider during reading
What is scarce? IPv4 addresses? Routing table allocations? NAT
expertise? What difference does it make when the scarce resources are economic?
Readings
Diffusion and Adoption in the ARIN Region
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1255262
Apr 1: Info Econ.
Test
Apr 6: Info Econ & Orgs
Naming, Risk and Culture
Questions to consider during reading
Naming and trust are traditionally bound online in a manner that makes sense offline. If I know you by name offline I am likely to have a context; e.g. a social organization or neighborhood or religious community. However, a name online does not provide the same level of certainty. What is in a name? A rose by any other name, in theory, would smell as sweet. However, hazelnuts are considered somewhat gourmet while filberts were strictly for the common palate. While dried plums could be desirable, prunes have no such connotation.
Readings
Ross Anderson, Security Engineering, Naming, pp. 124-133; PKI
pp. 401-403.
Alexander Sotirov, Marc Stevens,
Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de
Weger, Creating a Rogue CA.
http://www.win.tue.nl/hashclash/rogue-ca/
(To protect yourself download this: http://www.cs.cmu.edu/~perspectives/firefox.html#install)
Apr 8: Info Econ & Orgs
Social Security
Questions to consider during reading
Social networking brings security as well as privacy risk. Have you
ever refused a friend on Facebook?
Readings
Steve Webb, J. Caverlee, and C. Pu, Social Honeypots: Making Friends with a Spammer Near You, in Proceedings of the Fifth Conference on Email and Anti-Spam (CEAS 2008).
Phishing Attacks Using Social Networks, indiana.edu/~phishing/social-network-experiment/phishing-preprint.pdf
Apr 13: Info Econ & Orgs.
Who Needs Anonymity?
Questions to consider during reading
Under what conditions are you anonymous?
Readings
Tor:
The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson,
and Paul Syverson, 13th USENIX Security Symposium, August 2004.
www.blackhat.com/presentations/bh-usa-04/bh-us-04-dingledine.pdf
Apr 15: Info Econ & Orgs.
Trusting TRUSTe
Questions to consider during reading
Organizational rather than technical considerations appear to be at
the heart of the decisions by TRUSTe to offer certification to online organizations.
Readings
Benjamin Edelman, Adverse Selection in Online 'Trust' Certifications, Fifth Workshop on the Economics of Information Security, 2006, Cambridge, UK, available online, at http://weis2006.econinfosec.org/docs/10.pdf
Apr 20: Info Econ & Orgs.
Privacy and Price Discrimination
Questions to consider during reading
Have you experienced price discrimination? How would you know?
Readings
Odlyzko, Privacy and Price Discrimination CH 15, pp 187-21 www.dtc.umn.edu/~odlyzko/doc/privacy.economics.pdf
Apr 22: Info Econ & Orgs.
EULA
Questions to consider during reading
How are markets organized?
What were the inherent assumptions about markets in the readings from
last week? Where do markets come from? Who participates in defining the
rules of a market? What are EULA and UCITA?
Readings
The Uniform Computer Information Transactions Act: A Well Built Fence or Barbed Wire Around the Intellectual Commons?
uts.cc.utexas.edu/~lbjjpa/2001/bowman.pdf
Information Rules, Shapiro, Carl & Varian, Hal, Harvard
Business School Press (Boston, MA), c1999, also available as an
e-book, pp. 1-50
Optional Readings
National Academy of Science, The Digital
Dilemma: Intellectual Property in the Information Age. National Academy
Press, Washington, DC (2000); (contents completely available on-line)
pp. 1-75
Apr 27: Info Econ & Orgs.
Free Software as Strategy
Questions to consider during reading
Open code, free software and open source are categories of a radical
new way (or the old tried and true way) of organizing a market. What
are the differences or ways of organizing a software or information
market?
Readings
Lerner, Josh & Tirole, Jean, 2000 - 03, The Simple Economics of Open Source
http://opensource.mit.edu/papers/JoshLernerandJeanTriole-TheSimpleEconomicsofOpenSource.pdf
Tuomi, I. (2001). Internet, innovation, and open source: Actors in the network. First Monday, 6(1). Retrieved October 6, 2001, from http://firstmonday.org/issues/issue6_1/tuomi/index.html
MacCormack, Alan; Herman, Kerry, Red Hat and the Linux Revolution (HBS Case Studies) Product Number: 9-600-009
Apr 29: Info Econ & Orgs.
Security and Competition
Questions to consider during reading
What are the goals of security in theory? How does this differ from how
it is used in practice? Would the security strategies discussed in
Anderson work with open code?
Readings
Ross Anderson, Cryptography and Competition Policy: Issues with Trusted
Computing, http://www.cl.cam.ac.uk/ftp/users/rja14/tcpa.pdf
Schneier, 2002, Computer Security: It's the Economics, Stupid: Economics and Information Security Workshop, Berkeley, CA.
http://www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/18.doc
Exam Period: Info Econ & Orgs
Test