INFO-I330: Legal and Social Informatics of Security


Weekly Topics
Week 1: Introductions & Psychology
13 January

Introductions

Course policies and introductions (20 min)

- Sign up for ResearchGate: it is free!

Security Careers in-class activity (20 min)

- If necessary, create a LinkedIn profile

- View and edit one other person's profile in the class

- Discuss the task for which you should be recommended by this person, and what you would recommend for them.

- Consider mutual recommendations

15 January

Psychology of Security
Reading 1

Modic, D., & Anderson, R. (2014). Reading this may harm
your computer: The psychology of malware warnings.
Computers in Human Behavior, 41, 71-79.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2374379

Reading 2

Garg, V., & Camp, J. (2013). Heuristics and biases:
implications for security design. IEEE Technology and Society
Magazine, 32(1), 73-79.
http://www.ljean.com/files/Biases.pdf

Video

You've Been Phished! - National Institute of Standards and Technology
https://www.youtube.com/watch?v=vheFIrl1LAs

Book Recommendation

Thinking Fast and Slow - Daniel Kahneman
https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555

Week 2: Psychology of Privacy
20 January Martin Luther King Day
22 January

Psychology of Privacy

Teams Assigned

Reading 1

Connelly, K., Khalil, A., & Liu, Y. (2007, September). Do I do what I say?: Observed versus stated privacy preferences. In IFIP Conference on Human-Computer Interaction (pp. 620-623). Springer, Berlin, Heidelberg.
https://link.springer.com/content/pdf/10.1007/978-3-540-74796-3_61.pdf

Reading 2

Rashidi, Y., Ahmed, T., Patel, F., Fath, E., Kapadia, A., Nippert-Eng, C., & Su, N. M. (2018). "You don't want to be the next meme": College students' workarounds to manage privacy in the era of pervasive photography. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 143-157).
https://www.usenix.org/system/files/conference/soups2018/soups2018-rashidi.pdf

Video

Password Security Fatigue - National Institute of Standards and Technology
https://www.youtube.com/watch?v=rdcmLp_qDPo

Week 3: Methods
27 January

Reading 1

Montangero, S., Vittone, F., Olderbak, S., & Wilhelm, O.
(2018). Exploration of experimental design and statistical
methods using the stick-on-the-wall spaghetti rule. Teaching
Statistics, 40(2), 40-45.
https://onlinelibrary.wiley.com/doi/epdf/10.1111/test.12149

29 January

Reading 1

Qualitative Research for Education: An Introduction to Theories and Methods - Robert C. Bogdan & Sari Knopp Biklen
(In Class)

Reading 2

Interviewing as Qualitative Research (3rd Edition) - Irving Seidman
(In Class)

Week 4: Value of security & privacy
3 February

Value of Security
Reading 1

Chapter 4 of Computers at Risk: Safe Computing in the Information Age - National Research Council
https://www.nap.edu/read/1581/chapter/4#56

Reading 2

The Value of a Hacked Email Account - Krebs on Security
http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/

Video

Bruce Schneier part 6 of 18 - Security theater - estpictures
https://www.youtube.com/watch?v=DRCi4zxPJaU

5 February

Value of privacy

Project Plan

Reading 1

Acquisti, A., John, L. K., & Loewenstein, G. (2013). What is
privacy worth?. The Journal of Legal Studies, 42(2), 249-274.
https://www.journals.uchicago.edu/doi/abs/10.1086/671754

Reading 2

Danezis, G., Lewis, S., & Anderson, R. J. (2005, June). How
much is location privacy worth?. In WEIS (Vol. 5).
http://infosecon.net/workshop/pdf/location-privacy.pdf

Week 5: Economics (Topic selected)
10 February

Economics of Security
Reading 1

Anderson, R., & Moore, T. (2006). The economics of
information security. Science, 314(5799), 610-613.
https://science.sciencemag.org/content/314/5799/610.full

12 February

Economics of Privacy
Reading 1

Odlyzko, A. (2004). Privacy, economics, and price discrimination on the Internet. In Economics of Information Security (pp. 187-211). Springer, Boston, MA.
https://link.springer.com/chapter/10.1007/1-4020-8090-5_15

Video

Your privacy on Facebook: What you need to know - WFLA News Channel 8
https://www.youtube.com/watch?v=ZBX5PKvkbXA

Week 6: Historical Perspectives
17 February

Law and Security: A Historical View
Reading 1

Appendix A (The Orange Book) of Computers at Risk: Safe Computing in the Information Age - National Research Council
https://www.nap.edu/read/1581/chapter/12#242

Activity

Pick a vulnerability and map it using the link below
https://www.overleaf.com/project/580e5b238411ceab082050dc

Video

The Enigma Machine explained - Science Museum
https://www.youtube.com/watch?v=CspaXNkC2ec

19 February

Privacy: A Historical View
Reading 1

The Right to Privacy - Warren and Brandeis
https://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

Reading 2

Fair Information Practice Principles
https://iapp.org/resources/article/fair-information-practices/

Optional Reading

Anthony Comstock: American Prude - Erik Loomis (www.lawyersgunsmoneyblog.com)
http://www.lawyersgunsmoneyblog.com/2012/02/anthony-comstock-american-prude

Video 1

Hamilton - We Know
https://www.youtube.com/watch?v=tBj2GL_12R4

Video 2

Hamilton - The Reynolds Pamphlet
https://www.youtube.com/watch?v=tBj2GL_12R4

Week 7: Law and Economics
24 February

Security Law Current Debates
Reading 1

Information Security Law - Steven Robinson Part 1
https://www.symantec.com/connect/articles/us-information-security-law-part-1

Reading 2

Information Security Law - Steven Robinson Part 2
https://www.symantec.com/connect/articles/us-information-security-law-part-2

26 February

Organizations
Reading 1

Lacey, D. (2010). Understanding and transforming organizational security culture. Information Management & Computer Security, 18(1), 4-13.
https://www.emerald.com/insight/content/doi/10.1108/09685221011035223/full/html

Reading 2

Wall, D. S. (2013). Enemies within: Redefining the insider threat in organizational security policy. Security Journal, 26(2), 107-124.
https://link.springer.com/article/10.1057/sj.2012.1

Video

Insider Threat Animation Part 1: What is Insider Threat? - Seccom Global
https://www.youtube.com/watch?v=od43vyZe5Q8

Week 8: Transparency
2 March

Privacy in Organizations
Reading 1

Mitrou, L., & Karyda, M. (2010). Bridging the gap between employee surveillance and privacy protection. In Ubiquitous and Pervasive Computing: Concepts, Methodologies, Tools, and Applications (pp. 1331-1349). IGI Global.

Video

Privacy Rights vs. Employee Tracking - KPBS
https://www.youtube.com/watch?v=U-mqdz-20Xs

4 March

Privacy on the Network
Reading 1

Davis, T., Peha, J. M., Burger, E. W., Camp, L. J., & Lubar, D.
(2014). Risking it All: Unlocking the Backdoor to the Nation's
Cybersecurity. Available at SSRN 2468604.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2468604

Video

PRIVACY = Freedom & Liberty | Ann Cavoukian | TEDxVaughanWomen (up to 5:00)
https://www.youtube.com/watch?v=G80-te9fwVE

Week 9: Policies
9 March

Security Policies

Bibliography

Reading 1

Parkin, S., Fielder, A., & Ashby, A. (2016, October). Pragmatic security: Modelling IT security management responsibilities for SME archetypes. In Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats (pp. 69-80). ACM.
https://dl.acm.org/doi/10.1145/2995959.2995967

Reading 2

Florêncio, D., & Herley, C. (2010, July). Where do security policies come from? In Proceedings of the Sixth Symposium on Usable Privacy and Security (p. 10). ACM.
https://dl.acm.org/doi/10.1145/1837110.1837124

Video

Talk About IT - IT Security Policy & Risk Assessment
https://www.youtube.com/watch?v=uGta11s8uoY

11 March

Privacy Policies
Reading 1

Cranor, L. F., Hoke, C., Leon, P., & Au, A. (2014, March). Are
they worth reading? An in-depth analysis of online advertising
companies' privacy policies. In 2014 TPRC Conference Paper.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2418590

Reading 2

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The
effect of online privacy information on purchasing behavior: An
experimental study. Information Systems Research, 22(2), 254-268.
https://pubsonline.informs.org/doi/abs/10.1287/isre.1090.0260

Video

Google Privacy Policy Update - Google
https://www.youtube.com/watch?v=KGghlPmebCY

Week 10: Spring Break
Week 11: Privacy Compliance CANCELED BY IU
23 March

Certificate Fraud CANCELED BY IU
Reading 1

Kozák, K., Kwon, B. J., Kim, D., Gates, C., & Dumitraş, T. (2018). Issued for abuse: Measuring the underground trade in code signing certificates. WEIS 2018.
https://arxiv.org/abs/1803.02931


Reading 2

Vratonjic, N., Freudiger, J., Bindschaedler, V., & Hubaux, J. P. (2013). The inconvenient truth about web certificates. In Economics of Information Security and Privacy III (pp. 79-117). Springer, New York, NY.
https://www.econinfosec.org/archive/weis2011/papers/The%20Inconvenient%20Truth%20about%20Web%20Certificates.pdf

25 March

Security Compliance CANCELED BY IU
Reading 1

Parkin, S., Fielder, A., & Ashby, A. (2016, October). Pragmatic security: Modelling IT security management responsibilities for SME archetypes. In Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats (pp. 69-80). ACM.
https://dl.acm.org/doi/10.1145/2995959.2995967

Reading 2

BSidesSF 2018 - Hacking the Law: Are Bug Bounties a True Safe Harbor? (Amit Elazari)
https://the-parallax.com/2018/04/20/bug-bounties-safe-harbor-rsa-bsides/

Week 12: E-Crime
30 March

E-Crime
Reading 1

Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., Moore, T., & Savage, S. (2013). Measuring the cost of cybercrime. In The Economics of Information Security and Privacy (pp. 265-300). Springer, Berlin, Heidelberg.
https://link.springer.com/chapter/10.1007/978-3-642-39498-0_12

Reading 2

Garg, V., & Camp, L. J. (2015). Why cybercrime?.
ACM SIGCAS Computers and Society, 45(2), 20-28.
https://dl.acm.org/doi/10.1145/2809957.2809962

Video

First ever Risky.Biz YouTube rant with Patrick Gray - Risky Business (Up to 3:00)
https://www.youtube.com/watch?v=0o5PRIrQq48

1 April

E-Crime
Reading 1

Kreibich, C., Kanich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., & Savage, S. (2009, April). Spamcraft: An inside look at spam campaign orchestration. In LEET.
https://static.usenix.org/event/leet09/tech/full_papers/kreibich/kreibich.pdf

Reading 2

Koshy, P., Koshy, D., & McDaniel, P. (2014, March). An analysis of anonymity in Bitcoin using P2P network traffic. In International Conference on Financial Cryptography and Data Security (pp. 469-485). Springer, Berlin, Heidelberg.
https://link.springer.com/chapter/10.1007/978-3-662-45472-5_30

Reading 3

An undertaking of great advantage, but nobody to know what it is: Bubbles and gullibility - Andrew Odlyzko
http://www.dtc.umn.edu/~odlyzko/doc/mania17.pdf

Week 13: Threat Modeling
6 April

Threat Modeling

Guest: Dr. Bob Blakley,
Operating Partner at Team8
https://www.linkedin.com/in/bob-blakley-92512b/

Reading 1

Threat Modeling: What, Why, and How?
https://misti.com/infosec-insider/threat-modeling-what-why-and-how/

Reading 2

The Value of a Hacked Company - Kerbs On Security
https://krebsonsecurity.com/2016/07/the-value-of-a-hacked-company/

8 April

Threat Modeling Social Media

Guest: Gale Pomper
Computer Networking Consultant and Contractor
https://www.linkedin.com/in/dr-gale-pomper-a935124/

Reading 1

Chapter 1 of Rowe, N. C., & Rrushi, J. (2016). Introduction to Cyberdeception. Cham: Springer International Publishing. (On Canvas)

Optional reading

Chapter 2 - Psychology of Deception
Chapter 3 - Professional Deception
Chapter 11 - First 2 paragraphs of 11.8.1
Chapter 12 - Calculating effectiveness of a campaign, pp. 161-166
Chapter 12 - Planning of a campaign, pp. 170-175
Rowe, N. C., & Rrushi, J. (2016). Introduction to Cyberdeception. Cham: Springer International Publishing. (On Canvas)

Week 14: Security & Privacy System Design
13 April

System Design Security

Guest: Dr. Mary Ellen Zurko,
Principal Engineer, NGFW/NGIPS,
Security Business Group
https://www.linkedin.com/in/maryellenzurko/

Reading 1

Sasse, M. A., & Flechais, I. (2005). Usable security: Why do we need it? How do we get it? In Cranor, L. F., & Garfinkel, S. (Eds.), Security and Usability: Designing Secure Systems that People Can Use. O'Reilly.
https://discovery.ucl.ac.uk/id/eprint/20345/2/cransimpsonbook.pdf

Reading 2

Vaniea, K. E., Rader, E., & Wash, R. (2014, April). Betrayed by updates: How negative experiences affect future security. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 2671-2674). ACM.
https://dl.acm.org/doi/10.1145/2556288.2557275

Video

IoT security in the Digital Enterprise: Security by Design - HPE Technology
https://www.youtube.com/watch?v=CzsJNZ6RkqI

15 April

System Design Privacy

Guest: Dr. Adam Tagert,
Science of Security (SoS) Researcher,
National Security Agency Research Directorate
https://www.linkedin.com/in/adam-tagert-7a080221/

Reading 1

Cavoukian, A., Taylor, S., & Abrams, M. E. (2010). Privacy by
Design: essential for organizational accountability and strong
business practices. Identity in the Information Society, 3(2), 405-413.
https://link.springer.com/article/10.1007/s12394-010-0053-z

Reading 2

Hong, J. I., Ng, J. D., Lederer, S., & Landay, J. A. (2004, August). Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques (pp. 91-100).
https://dl.acm.org/doi/10.1145/1013115.1013129

Video

Privacy by Design - Dr. Ann Cavoukian (CABAConf)
https://www.youtube.com/watch?v=wNA_K5M8rXc

Week 15: Bitcoin & Management
20 April

Bitcoin

Guest: Behnood Momenzadeh,
Intern at Google,
Doctoral Candidate at IU
https://www.linkedin.com/in/behnood-momenzadeh-202b374a/

Reading 1

Anderson, R., Shumailov, I., & Ahmed, M. (2018). Making Bitcoin legal. Security Protocols Workshop 2018.
https://www.cl.cam.ac.uk/~rja14/Papers/making-bitcoin-legal.pdf

Reading 2

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system.
https://bitcoin.org/bitcoin.pdf

22 April

Supply Chain Security

Guest: Gary M. Deckard,
Program Lead,
Cybertropolis Cyber Range,
Muscatatuck Urban Training Complex
Doctoral Candidate at IU
https://www.linkedin.com/in/deckard/

Reading 1

Shackleford, D. (2015). Combatting cyber risks in the supply chain. SANS.org.
https://www.raytheon.com/sites/default/files/capabilities/rtnwcm/groups/cyber/documents/content/rtn_273005.pdf

Reading 2

Obama, B. (2012). National strategy for global supply chain security. The White House.
https://obamawhitehouse.archives.gov/sites/default/files/national_strategy_for_global_supply_chain_security.pdf

Week 16: Industry-Level Issues and Challenges
27 April

Cryptography
Reading 1

James Bryce Clark, Technical Standards and Their Effects on E-Commerce Contracts: Beyond the Four Corners, 59 Bus. Law. 345 (2003). (On Canvas)

Reading 2

Cryptography in the era of quantum computers
https://cloudblogs.microsoft.com/quantum/2020/02/26/cryptography-quantum-computers/