Skip to main content Link Search Menu Expand Document (external link)
LIS 640

LIS 640: Information Economics and Cybersecurity

Spring 2024

Instructor: Associate Professor Rick Wash
Email: rwash@wisc.edu
Meets: Tuesdays and Thursdays, 9:30–10:45am, Cataloging Lab (HC White Room 4191F, in the back of the iSchool Library)
Office Hours: Tuesdays, 11:00am-12:30pm, or by appointment: https://calendly.com/rwash/office-meeting
Office: Room 4251, Helen C. White

This course is a synchronous, in-person, 3 credit hour course at the University of Wisconsin–Madison in Spring 2024; all students meet at the same time in a classroom to work together.

Description

Modern technology created the Internet, but it also made the Internet a dangerous place full of hackers, viruses, fraud, and disinformation. As a society, we have been investing large amounts of technology, time, money, energy, and people into making the Internet safer and more secure, yet it seems to get worse every day.

This class takes a look at some of the major issues around cybersecurity and how we can improve security around modern technologies. Rather than focusing on technical issues, in this course we examine the role that humans play both in creating these problems, and in solving them. This course puts a strong emphasis on understanding patterns in human behavior around cybersecurity, and understanding the problems that center around the way humans use technology.

This course will discuss a number of the major challenges and issues in cybersecurity, including authentication, vulnerabilities, data breaches, and phishing. We will discuss both what these issues are, and how to break each one apart into its underlying human behaviors. In doing so, we will bring in relevant ideas from the social sciences to help us understand why people are behaving they way they are. We will then use this knowledge to come up with new solutions and policies that work with people to improve security.

Learning Goals

Understand the most important cybersecurity issues in society today, and their underlying causes.

Develop the ability to look at existing and new cybersecurity issues and identify some of the underlying human behaviors that enable that issue, and/or might help solve that issue.

Working in a team to use design and policy as a solution to human behavioral cybersecurity issues.

Develop a Security Mindset; Be able to think about system, technologies, situations and people through a security and human behavior lens and understand both how they can be taken advantage of, and how to get people to protect against that.

Textbooks

This course only has one required book:

“You’ll See This Message When Its Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” by Josephine Wolff. MIT Press, Nov, 2018. ISBN 9780262349543.

The eBook version is fine; you can get links to buy an ebook from multiple major retailers here. The UW-Madison library has a single physical copy of the book (I think), but I have not been able to find a copy electronically through the library. So, I recommend buying the eBook. If you do find it electronically through the library, please let me know so I can share this knowledge with others in the class!

Also, UW-Madison provides free subscriptions to a number of major newspapers including The New York Times, and the Wall Street Journal. I highly recommend that you sign up for your free subscriptions. Throughout the semester, we will be reading news stories about cybersecurity events from these newspapers and analyzing them in class.

Structure

This class is organized into a weekly structure. Each week will have a topic, and all of the work in that week will be around that topic. Each week will have 3 parts: first, there will be readings and/or an assignment to prepare for the week. Most weeks, it will simply be readings, and I will ask you to fill out a short form where you summarize the readings and ask questions about them. Some weeks (like the first week), instead of a reading, I will have an assignment for you, though this will be rare. In the first class of the week, we will work work together to wrap our heads around some set of ideas – cybersecurity ideas, social science ideas – that are useful. And in the second class each week we will undertake a case study, were we look at a specific, real-world cybersecurity case, try to develop a thorough understanding of it, and make suggestions for preventing similar incidents in the future.

Each week I will assign a couple of readings. Generally, I will assign 1-2 news articles to read about some security incident, security technology, or something going on in the world related to cybersecurity. I will pair those with 1-2 book chapters or papers that discuss some underlying concepts and theories about human behavior that help us to think about cybersecurity more generally.

I work to make sure that you always have easy access to those readings. I will try not to assign articles that are behind paywalls, and when possible I will provide links that go through the Wisconsin library so you can access everything for free. If you are having trouble accessing one or more of the readings, please let me know. I can always just print-to-PDF and email the reading to you if needed. UW-Madison provides all students with subscriptions a number of major newspapers including the New York Times, and the Wall Street Journal. I recommend that you take advantage of this to sign up for accounts on those newspapers so we can read about current cybersecurity events in those papers: https://www.library.wisc.edu/news/2023/02/09/faculty-students-staff-free-access-to-wall-street-journal-new-york-times/

Assignments and Grading

In-class Work

Attendance is required in this class. We only have 14 class periods this semester, so let’s make each one count. Each week, you will receive a grade for some aspect of the in-class experience. Some weeks you will have an exercise and will be graded on that exercise. Some weeks will be mostly discussion, and you will be graded on participation in the discussion. And some weeks will involve presentations from your peers in class, and you will be graded on your presentation and how well you participate and provide comments and questions to your peers.

In-class grades are graded on a Check / Check Plus / Check Minus scale. A check means satisfactory performance; you participated in class, completed the exercise, or presented your ideas. Check pluses are relatively rare, and will be given to students who make the learning environment better for everyone by providing insightful commentary, helping other people think through ideas, bringing new ideas to the class, or other actions that benefit the class as a whole. Check minuses are also rare, and will be given to students who detract from class (e.g. by being a distraction), who do not participate at all in class discussions, who do exceptionally low-quality work, or who arrive late or leave early. If you miss class (or arrive very late or leave very early), you will receive a 0 for the class.

In-class work is 20% of the final grade.

Readings

For most weeks, we will have assigned readings. Each week, I will ask you to do the readings and answer a few simple questions about them. Most weeks, those questions will probably be a summary+question: summarize what you found interesting about the readings, and write one question that came up during your readings. These will also be graded on a check / check plus / check minus scale.

Readings are 10% of the final grade.

Assignments

In addition to the readings and in-class exercises/discussions, we will have a small number of written assignments. The class can roughly be broken into three parts, and each part will include one written assignment. The first assignment will be assigned on the first day of class and will be due the second day of class (aka during week 2).

Assignments are typically done individually and will be turned in via Canvas. On one assigment, the instructor may allow the assignments to be done either individually, or with a partner of your choosing. If you work with a partner, you must turn in a single assignment with both your names on it.

Assignments will be graded on a letter grade (A, AB, B, BC, etc.) scale.

For each of the assignments, you may also be expected to be present in class and prepared to discuss what you wrote during class and comment on your peer’s ideas. This in-class discussion will not be part of the grade for the assignment, but will be part of the in-class grade for that day.

The assignments, as a group, are worth 40% of your final grade.

Final

I do not believe in exams (for reasons that will make sense after week 3), so this class does not have a final exam. Instead, we will have a final paper that will be due during finals week. I will provide more information about the final paper during week 13 (two weeks before finals week).

The final paper will be graded on a letter grade (A, AB, B, BC, etc.) scale, and is worth 30% of your final grade.

When Things Come Up

I understand that things come up. This class is not the only thing you are doing, and sometimes you get sick, need extra time or just need a break. I will drop the three lowest in-class grades, and the two lowest reading grades. This effectively allows you miss the equivalent of one and a half weeks of class without penalty. You don’t need permission or to explain why you are dropping the grade; it is OK if things come up in your life (busy week, stressful week, sick, etc.) and you need to miss class to help you through it. If you have circumstances that require you to miss or underperform for more than these dropped assignments, then talk to the instructor (preferably ahead of time) and we can try to work out something. Excused absences are not discussed at the time of absence; they are only considered wholistically at the end of the semester and will only apply after dropping these lowest scores.

Since there are few assignments, I cannot drop any of the grades for the assignments. However, you may request a 1-week extension on one assignment, no questions asked — but only if the request is made at least 3 days before the assignment is due. If you realize that you cannot meet a deadline, please contact Dr. Wash immediately to request an extension. If an assignment happens to be due during a busy or bad time, this extension will hopefully allow you to move it to a better time. Each student can only use this accomodation once (i.e. can only get an extension on 1 of the assignments). However, note that if you do not do the assignment on time, then you will not be able to discuss your own assignment during class (but you should still participate and discuss work by your peers). Extension requests will not be granted after an assignment is due except in exceptional circumstances.

The final paper is due during the finals week. The deadline will be announcement when the final project is. If you need an extension on the final paper, please ask for it before finals week. I may or may not grant extensions on the final paper, but I can only grant a short extension so I have time to grade them and submit final grades on time.

If other things come up in your life that this dropped-grade and extension policy cannot handle, please contact me. My priority is that you have the opportunity to learn the ideas and concepts in this class. And I want your grade to accurately reflect the work you did and what you learned.

Course Policies and Procedures

Course Communication: All messages and announcements will be posted on Canvas; some announcements will also be posted to this website and/or sent via email to the email accounts of students registered in the class. You are expected to be familiar with all information posted on Canvas, so please check Canvas frequently and ensure that notifications are turned on so you are made aware of any posted announcements. You are also responsible for being aware of announcements made in class. Everyone is expected to pay attention and be familiar with these announcements.

Assignments: Assignments will be submitted online via Canvas. Late assignments will not be accepted. Of course, if negotiated in advance, reasonable exceptions may be granted by the professor.

Academic Integrity: By virtue of enrollment, each student agrees to uphold the high academic standards of the University of Wisconsin-Madison; academic misconduct is behavior that negatively impacts the integrity of the institution. Cheating, fabrication, plagiarism, unauthorized collaboration, and helping others commit these previously listed acts are examples of misconduct which may result in disciplinary action. Examples of disciplinary sanctions include, but are not limited to, failure on the assignment/course, written reprimand, disciplinary probation, suspension, or expulsion.

Basically, make sure that everything you turn in with your name on it is your own work, and don’t cheat or lie. If it feels like cheating, it probably is; if you are unsure please ask. Working together with other students in this class and other classes, however, is encouraged. Make sure that everything you turn in with your name on it is original work of yours.

For classes that involve complex thinking and no right answers like this, I strongly encourage you to work together and ask each other for help. Indeed, this course often requires you to work with others. Often when you have a problem or a confusion, the best place to go for help is your colleagues who are also working on similar issues. Also, the Internet is a fantastic source of information when you are stuck. Use these resources copiously. However, make sure that you personally write and understand all of the work that you turn in. Directly copying text that you don’t understand from the Internet, ChatGPT, or from others is academically dishonest.

Accommodations for Disabilities: The University of Wisconsin-Madison supports the right of all enrolled students to a full and equal educational opportunity. The Americans with Disabilities Act (ADA), Wisconsin State Statute (36.12), and UW-Madison policy (UW-855) require the university to provide reasonable accommodations to students with disabilities to access and participate in its academic programs and educational services. Faculty and students share responsibility in the accommodation process. Students are expected to inform faculty of their need for instructional accommodations during the beginning of the semester, or as soon as possible after being approved for accommodations. Faculty will work either directly with the student or in coordination with the McBurney Center to provide reasonable instructional and course-related accommodations. Disability information, including instructional accommodations as part of a student’s educational record, is confidential and protected under FERPA.

Absences: If you are not feeling well, please consider the health of your classmates and instructors and do not come to class. Students who are not feeling well should self-isolate and avoid close contact with others. The dropped grade policy means you don’t need prior approval, and don’t even need to explain your absence at all.

Credit Hours: This class meets for two, 75-minute class periods each week over the spring semester and carries the expectation that students will work on course learning activities (reading, writing, problem sets, studying, etc) for about 3 hours out of the classroom for every class period. The syllabus includes more information about meeting times and expectations for student work.

Diversity: Diversity is a source of strength, creativity, and innovation for UW-Madison. We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals. The University of Wisconsin-Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background – people who as students, faculty, and staff serve Wisconsin and the world.

Generative AI and other outside resources: The use of generative AI tools (ChatGPT, Copilot, etc.), as well as other outside resources (Google, Wikipedia) is allowed and encouraged. Indeed, many (most?) cybersecurity professionals use these resources on a daily basis, and their use is an important part of real-world cybersecurity. However, it is important that everything you produce and turn is is something that 1) you produced, understand, and can stand behind; 2) that was obtained legally and ethically; and 3) that you take responsibility for. Do not ask generative AI tools to do your whole assignment and then turn in what it produces; that violates academic integrity and interferes with learning. Instead, find ways to worth with generative AI to produce better assignments. Think about it as a useful tool rather than a replacement for work. I also encourage you to reflect on your use of these tools and discuss their use with your peers and the instructor.

As we will discuss in class, the structure of the class has you repeatedly doing activities (such as analyzing cybersecurity incidents as case studies). This is done intentionally as practice; by doing similar activities repeatedly, with slightly increasing difficulty each time, you practice and get better and better at it. By the end of the semester, you will find that you are much better at it than you were when you started.

However, when you use ChatGPT (or Google, or a friend) to do the thinking or the writing for you, you don’t actually get better. While it might help you in the moment, my experience is that students who rely on ChatGPT to do parts of their work end up not being able to handle the more complex and interesting assignments at the end of the semester because they didn’t build up the skills over time. As you use ChatGPT, try to use it to help you think, not replace your thinking. A good rule of thumb: if using ChatGPT saves you time, it is probably replacing your thinking (which is bad); if your assignment takes longer because of ChatGPT, then it is helping you think more carefully and is likely augmenting your thinking.

Also, remember that all writing must be your own, or must be cited appropriately. Using generative AI to generate text and the claiming it as your own violates academic integrity.

Lecture Materials: Lecture materials and recordings for this course are protected intellectual property at UW-Madison. Students in courses may use the materials and recordings for their personal use related to participation in class. Students may also take notes solely for their personal use. If a lecture is not already recorded, students are not authorized to record lectures without permission unless they are considered by the university to be a qualified student with a disability who has an approved accommodation that includes recording. [Regent Policy Document 4-1] Students may not copy or have lecture materials and recordings outside of class, including posting on internet sites or selling to commercial entities, with the exception of sharing copies of personal notes as a notetaker through the McBurney Disability Resource Center. Students are otherwise prohibited from providing or selling their personal notes to anyone else or being paid for taking notes by any person or commercial firm without the instructor’s express written permission. Unauthorized use of these copyrighted lecture materials and recordings constitutes copyright infringement and may be addressed under the university’s policies, UWS Chapters 14 and 17, governing student academic and non-academic misconduct.

Religious Holidays: Students are responsible for notifying instructors within the first two weeks of classes about any need for flexibility due to religious observances. You may make up course work missed to observe a major religious holiday if you make arrangements in advance with the instructor. Absences due to religious holidays, when communicated in advance, will not count as one of the dropped scores.

Required Activity: To make up course work missed to participate in a university-sanctioned event, you must provide the instructor with adequate advance notice and written authorization from a university administrator.