3 credits
Spring 2026 Lecture Distance Learning Upper Division
This course focuses on social, legal, and economic aspects of information security and privacy, also including ethics, policies, and human behavioral issues. The course covers the interactions between non-technological aspects of information security as well as relevant technological aspects. It focuses on how non-technological facets can inform and guide technological choices, and how technological choices can enhance or detract from the broader organizational and societal goals.
Learning Outcomes1Identify and describe the legal, organizational, and financial ramifications of security-related design and management decisions.
2Explain how to respond to a security incident, including recovery and cleanup, damage assessment, forensics and the handling of digital evidence so that it is admissible in court, and satisfying government requirements on the reporting of the incident.
3Identify, evaluate and assess the risks faced by an organization, and their impact and consequences should they materialize (including liability, reputational damage, disruption to operations, loss of customers). Recommend effective and appropriate measures to mitigate those risks.
4Explain the role of incentives in information security, and be capable of evaluating and modifying an organizational and reward structure so that it better aligns the interests of employees with those of the organization.
5Ensure compliance with privacy and data protection laws. Detect and remedy practices that have potential to give rise to violations of these laws.
6Identify major national laws that affect the practice of information security and explain potential interactions.
7Evaluate and improve an e-policy's in security and privacy aspects.
Prerequisites
Restrictions
made by Purdue students.