Dr. Rachel Greenstadt
Department of Computer Science
Office: University Crossings 140
Tel: 1 215 895 2920
Email: rachel.a.greenstadt AT drexel edu
Office Hours: Wed 2:00-3:00 or by appt
Humans are usually the weakest link in information security. Technical measures are easily thwarted by end-user decisions. How are end-user decisions made? This course examines security decisions online from the distinct perspectives of economics, psychology, anthropology, evolutionary biology, and criminology. We will address topics such as System I vs. System II, mental models, risk perceptions, safety engineering, and group behaviors in primates.
- (INFO 110 Minimum Grade: D or INFO 310 Minimum Grade: D) and PSY 101 Minimum Grade: D and ECON 201 Minimum Grade: D
The textbook for the course is The New School of Information Security by Adam Shostack and Andrew Stewart.
Coursework and Grading
Grading will consist of two exams, two projects, online and in-class participation (including online discussion), and some written homework assignments. Projects may be done in groups of two or three people. The exams will be written, in class, and cover topics from the textbook, lectures, and supplemental
This class will follow the departmental academic integrity policy.
Below is the grading breakdown:
- Midterm: 15%
- Final: 20%
- Security Breach Project: 20%
- Final Project: 15%
- Other homeworks, Class participation: 30%
The class participation grade will be determined by active participation in class discussions and exercises, including adding *short* discussion questions/points prior to class.
You have two late days to use on the project. After this, late assignments will be dropped 20% per day.
Note: This schedule is tentative and can change. In particular, look for readings to be added/changed.
January 9: Intro to Security and Human Behavior
January 11: The Security Industry
January 16: The Rise of the Security Breach
January 18: Discussion
January 23: On Evidence
January 25: Discussion
January 30: Economics of Information Security 1
February 1: Discussion
February 6: Economics of Information Security 2
February 8: Qualitative Research and Ethics Discussion
- No class due to Eagles parade, discussion online.
- CITI Training due
- Reading TBA
February 13: Midterm
February 15: Security Usability
February 20: Guest Lecture
February 22: Discussion
February 27: Psychology of Security
March 1: Security Breach Discussion
- No class! Participate in an online discussion. Post a short description of the security breach and something interesting you found out about it by Thursday, March 1. Respond to someone else's post by next Tuesday, March 6.
March 6: Discussion
March 8: Discussion
March 13: Conclusions and Review
March 15: Last Day of Classes / Presentations