This class will use the case method to teach basic computer, network, and information security from a technology, law, policy, and business perspective. Using recent security incidents from the news, we will discuss the technical aspects of the incident, the legal and policy aspects of the problem, and business approaches to managing breaches. The case studies will be organized around the following topics: tracking political dissidents, state sponsored sabotage, corporate and government espionage, credit card theft, theft of embarrassing personal data, phishing and social engineering attacks, denial of service attacks, attacks on weak session management and URLs, cloud data storage as a security risk, wiretapping on the Internet, and digital forensics. Students taking the class will learn about the techniques attackers use, applicable legal prohibitions, rights, and remedies, and approaches to managing the risk and aftermath of an attack. Grades will be based on class participation (25%) and on a student term paper explaining the technical and legal concepts relevant to a recent cybersecurity breach of the student's choice, with instructor approval (75%). The class will be co-taught by Stanford Professor of Computer Science and Electrical Engineering and co-director of the Stanford Computer Security Lab Dan Boneh and Director of Civil Liberties at the Law School's Center for Internet and Society Jennifer Granick. Special Instructions: This class is limited to 80 students, with an effort made to have students from SLS (40 students will be selected by lottery) and students from Computer Science (40 students). Elements used in grading: Class Participation, Final Paper. Cross-listed with Computer Science (CS - TBA).
