Information Technology Security and Risk Management: Inductive Cases for Information Security is a compilation of cases that examine recent developments and issues that are relevant to IT security managers, risk assessment and management, and the broader topic of IT security in the 21st century. As the title indicates, the cases are written and analyzed inductively, which is to say that the authors allowed the cases to speak for themselves, and lead where they would, rather than approach the cases with presuppositions or assumptions regarding what the case should be "about". In other words, the authors were given broad discretion to interpret a case in the most interesting and relevant manner possible; any given case may be "about" many things, depending on the perspective adopted by the reader, and many different lessons may be learned. The inductive approach of these cases reflects the design philosophy of the advanced IT Security and Risk Management course we teach on the topic here at the University of Canterbury, where all discussions begin with the analysis of a specific case of interest and follow the most interesting and salient aspects of the case in evidence. In our course, the presentation, analysis, and discussion of a case are followed by a brief lecture to address the conceptual, theoretical, and scholarly dimensions arising from the case. The inductive approach to teaching and learning also comes with a huge advantage – the students seem to love it, and often express their appreciation for a fresh and engaging approach to learning the sometimes-highly-technical content of an IT security course. As instructors, we are also grateful for the break in the typical scripted "chalk-and-talk" of a university lecture afforded by the spontaneity of the inductive approach.
We were motivated to prepare this text because there seems to be no other book of cases dedicated to the topic of IT security and risk management, and because of our own success and satisfaction with inductive teaching and learning. We believe this book would be useful either for an inductive, case-based course like our own or as a body of cases to be discussed in a more traditional course with a deductive approach. There are abstracts and keywords for each case, which would help instructors select cases for discussions on specific topics, and PowerPoint slides are available as a guide for discussion about a given case.
Steven Wingreen is an Associate Professor of Information Systems and Decision Sciences at the University of Canterbury in Christchurch, New Zealand. Prior to his academic career, he was a manager of networks and telecommunications whose responsibilities included network security. He has taught IT security and risk management over the span of his 23-year teaching career at multiple universities, both as a component of more comprehensive courses and as its own course. His current research agenda on the topic of emerging technologies in 21st century commerce includes a project with multiple papers about information privacy, trust, and ethical concerns in the context of advanced emerging technologies.
