The Psychology of Security (Module 2 Case Study)

Module 2 - Case
Belief & Culture: Build Awareness
Case Assignment
To know about a field and keep abreast with what happens, especially a field that changes and advances fast, it is important to know the "Who's Who" in the field. Bruce Schneier is a top information security technologist and author, and has been named by The Economist as "security guru" (see http://www(dot)schneier(dot)com). It will be worthwhile for you to visit his website on a frequent basis in you want to pursue a Chief Security Office career.
The following multi-media presentation delivers what Schneier's view on information security management. If you have bandwidth issue and can't watch the video, then you can hear his speech from the audio stream. In the presentation, Schneier suggests a framework of "feeling, reality, and model" and explains how these three should be in sync. He also emphasizes how the "feeling" of security plays a role and how important a person's cognitive perception (partially coming from the person's belief and culture) is.
Bruce Schneier discusses on Ted Talks the Security Mirage, October 2010 at https://www(dot)ted(dot)com/talks/bruce_schneier.
If you can't watch the video or hear the audio, then you must read the following article which covers the topic. Otherwise, you should still scan through the article to refresh what you heard and grasp some new concepts that didn't get explained in-depth in the presentation:
Schneier, B. (2008). The Psychology of Security. http://www(dot)schneier(dot)com/essay-155.html.
Another "Who's Who" in the security field is Mark Seiden (a Cutter Consortium consultant, 35 yrs of programming experience, on the technical advisory board of Counterpane, among top 50 CyperElite). Please listen to his speech, where Mark emphasized the need to build proper organizational and customer awareness of security needs.
Seiden, M. Speech.
There are many factors influencing one's belief. Culture is one factor, upbringing is another one. So is a person's education and exposure on the subject. I can't affect your culture or upbringing, but I would like to educate/expose to you some concepts that can influence what you think regarding to security. Remember, I am only scratching the surface here. You need to continue educate yourself and build awareness of security for yourself and your organization.
Mercuri, Rebecca T.; Neumann, Peter G. (2003) Security by Obscurity. Communications of the ACM, Nov2003, Vol. 46 Issue 11, p160-160. (TUI library).
Hoepman, Jaap-Henk; Jacobs, Bart. (2007) Increased Security Through Open Source. Communications of the ACM, Jan2007, Vol. 50 Issue 1, p79-83. (TUI library).
Now it is time to write about what you learned in the background readings. Writing about what you learned is like digesting food. Only through your own language, you can truly assimilate and absorb.
After you have "strategically" read the above materials, and, more importantly, thought about them critically and inter-connectively, compose a 4- to 6-page paper on the topic:
Why is it important to build one's awareness and proper perception of information security? And how does one build such awareness/proper perception in the management of an organization?
In preparing your paper, you need to discuss the following issues, and support with arguments and evidence:
· What is the framework suggested by Schneier? Do you agree or disagree?
· How is Schneier's framework connected with the framework suggested in Module 1?
· Summarize key points from Seiden's speech.
· What are your views on "security by obscurity" and "enhancing security via open source"? What are they? Why do you hold your views?
· How would you help the managers in an organization to build security awareness and proper perceptions?
Assignment Expectations
Length: Minimum 4–6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200–1,800 words).
Assignment-driven criteria (25 points): Demonstrates clear understanding of the subject and addresses all key elements of the assignment.
Critical thinking (10 points): Demonstrates mastery conceptualizing the problem. Shows analysis, synthesis, and evaluation of required material.
Scholarly writing (5 points): Demonstrates writing proficiency at the academic level of the course; addresses the Learning Outcomes of the assignment.
Quality of references (4 points) and assignment organization (3 points): Uses relevant and credible sources to support assertions. Assignment is well organized and follows the structure of a well-written paper.
Citing sources (3 points): Uses in-text citations and properly formats references in APA style.
· Please use original writing (No Plagerism)
· Please use American URLs on the reference page that can be easily verified on the web 
· Please include the page numbers in the references
· Read the background material in the attachment titled Background
I have attached the PDFs of the material and URLs.
"Speech", is a video.
URLs to References:
Hoepman, Jaap-Henk; Jacobs, Bart. (2007) Increased Security Through Open Source. Communications of the ACM, Jan2007, Vol. 50 Issue 1, p79-83. (TUI library).
http://web(dot)b(dot)ebscohost(dot)com(dot)ezproxy(dot)trident(dot)edu:2048/ehost/pdfviewer/pdfviewer?sid=30b2dffb-32a5-4b4e-9c9e-5e9fda017ec0%40sessionmgr113&vid=1&hid=101
Mercuri, Rebecca T.; Neumann, Peter G. (2003) Security by Obscurity. Communications of the ACM, Nov2003, Vol. 46 Issue 11, p160-160. (TUI library).
http://web(dot)a(dot)ebscohost(dot)com(dot)ezproxy(dot)trident(dot)edu:2048/ehost/detail/detail?sid=3908b9f0-54f5-433d-8850-687cf7726922%40sessionmgr4002&vid=0&hid=4201&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=11407048&db=bth
Speech is actually a video.