Information Technology Security and Risk Management: Inductive Cases for Information Security is a compilation of cases that examine recent developments and issues that are relevant to IT security managers, risk assessment and management, and the broader topic of IT security in the 21st century.
Information Technology Security and Risk Management: Inductive Cases for Information Security is a compilation of cases that examine recent developments and issues that are relevant to IT security managers, risk assessment and management, and the broader topic of IT security in the 21st century. As the title indicates, the cases are written and analyzed inductively, which is to say that the authors allowed the cases to speak for themselves, and lead where they would, rather than to approach the cases with presuppositions or assumptions regarding what the case should be about. In other words, the authors were given broad discretion to interpret a case in the most interesting and relevant manner possible; any given case may be about many things, depending on the perspective adopted by the reader, and many different lessons may be learned. The inductive approach of these cases reflects the design philosophy of the advanced IT Security and Risk Management course we teach on the topic here at the University of Canterbury, where all discussions begin with the analysis of a specific case of interest and follows the most interesting and salient aspects of the case in evidence. In our course, the presentation, analysis, and discussion of a case is followed by a brief lecture to address the conceptual, theoretical, and scholarly dimensions arising from the case. The inductive approach to teaching and learning also comes with a huge advantage the students seem to love it, and often express their appreciation for a fresh and engaging approach to learning the sometimes-highly-technical content of an IT security course. As instructors, we are also grateful for the break in the typical scripted chalk-and-talk of a university lecture afforded by the spontaneity of the inductive approach.
We were motivated to prepare this text because: there seems to be no other book of cases dedicated to the topic of IT security and risk management, and our own success and satisfaction with inductive teaching and learning. We believe this book would be useful either for an inductive, case-based course as our own, or as a body of cases to be discussed in a more traditional course with a deductive approach. There are abstracts and keywords for each case, which would help instructors select cases for discussions on specific topics, and powerpoint slides available as a guide for discussion about a given case.
SECTION
1. TECHNICAL CASES, TEACHING CASES, 1.1. Data Breach at Nintendo
Co. Ltd.: 300,000 Nintendo Users Hacked, 1.2. Target Corporation, 1.3. Case
Study: Cyber-attack on Ukrainian Power Grid, 1.4. Capital One Data Breach,
1.5. LinkedIn Data Hack, 1.6. Zoombombing: A Technical Perspective, 1.7. Case
Study: Ransomware Attack on IT Firm Collabera, 1.8. Neuralink: A Neural
Technology Company, 1.9. Securing the Internet of Things, RESEARCH CASES,
1.10. Connected Vehicles: An Era of Communications Technologies,
Cybersecurity, and Innovation, 1.11. SilverPush: A Case of Convenience versus
Privacy, SECTION
2. BEHAVIORAL AND SOCIAL CASES, TEACHING CASES, 2.1.
Microsoft 365 Phishing Case, 2.2. Internet of Things Security: Trend Micro
Experiment, 2.3. 2014 Cyber-attack on eBay Case Study Analysis, 2.4. Internal
Revenue Service Scams, 2.5. International Student Scams, 2.6. Security and
Privacy Risk with Social Robotics, 2.7. Financial Fraud (IS System Controls)
at NCL Ltd, 2.8. When You Cant Believe What You See or Hear, 2.9. Robots:
Attack Vectors and Safeguards, 2.10. Ransomware: Hollywood Presbyterian
Medical Center, 2.11. Fast Food Phishing: Cyber Espionage, 2.12. Workplace
Robots, RESEARCH CASES, 2.13. Facial Recognition: Legal, Ethical, and
Cultural Concerns, 2.14. Aadhaar: The National Identity System of India,
SECTION
3. PROCESS CASES, TEACHING CASES, 3.1. NHS: COVID-19 Research Ethics
and Governance, 3.2. Marriot Data Breach: A Case Study Analysis, 3.3.
ChoicePoint, 3.4. TJX, 3.5. Case Study: A Data Breach on Flipboard, 3.6. What
Happens in Vegas: Breach of Data Confidentiality, 3.7. PIH Health Phishing,
3.8. Biometric Protection and Security: A Case Study on Clearview AI, 3.9.
Zoombombing: A Business Process Perspective, 3.10. Security in the Healthcare
Sector, 3.11. eBay Hack, 3.12. Using AI to Maintain Security of Healthcare
Systems, RESEARCH CASES, 3.13. Digital Identity Theft Using Deepfakes
Steven Wingreen is an Associate Professor of Information Systems and Decision Sciences at the University of Canterbury in Christchurch, New Zealand. Prior to his academic career, he was a manager of networks and telecommunications whose responsibilities included network security. He has taught IT security and risk management over the span of his 23-year teaching career at multiple universities, both as a component of more comprehensive courses and as its own course. His current research agenda on the topic of emerging technologies in 21st century commerce includes a project with multiple papers about information privacy, trust, and ethical concerns in the context of advanced emerging technologies.
Biežāk uzdotie jautājumi par e-grāmatām