Want to do more than just understand how security systems work? In the Security Informatics track, you'll explore both the technical and human sides of protecting data, privacy, and digital systems. You'll study topics like:
Cryptography
Threat assessment
Privacy and computer forensics
User-centered security design
Network and systems security
You'll also dive into the social, economic, and legal factors that shape how people and organizations approach security. With demand for security professionals growing across industries, this track prepares you for a wide range of impactful careers.
What you'll learn
Information security affects nearly every part of modern life. In the Security Informatics track, you’ll go beyond technical skills to understand how people, policies, and systems shape today’s digital threats and defenses. You’ll gain a strong foundation in designing and managing secure technologies while exploring the social, legal, and economic forces that influence how security decisions are made. With cybersecurity professionals in high demand, this track opens the door to a wide range of career opportunities.
As a student in the Security Informatics track, you’ll work toward these core goals:
Build a strong foundation in the math behind cybersecurity systems and tools
Understand key research, innovations, and literature that have shaped the field
Gain hands-on experience with current and emerging security technologies
Explore how privacy and security technologies impact society and policy
Understand how economics and organizational behavior influence security descisions
Develop interdisciplinary skills to address challenges like social engineering and the human side of cybersecurity
These goals prepare you to approach information security from both a technical and human-centered perspective.
Learn about related research
Security and Privacy in Informatics, Computing, and Engineering (SPICE) is the branch of informatics that studies and supports the design, evaluation, and implementation of technologies that enable control over information.
Assistant Professor, Mary Jean Amon, with advanced degrees in Experimental Psychology and Psychology in Education, has held research roles at Indiana University and the University of Colorado, focusing on user-oriented research to enhance decision-making within complex socio-technological systems, and has published widely in venues like CHI, CSCW, and IEEE Security and Privacy.
Assistant Professor, Cici Ling studies online abusive behavior across platforms using multi-modal, mixed methods to develop mitigation strategies; her work has been recognized in top venues like IEEE S&P and ACM CSCW and featured in outlets such as Wired. She has received honors including the 2023 EECS Rising Star award and the 2022 Meta PhD Fellowship.
Assistant Professor, Yan Huang’s research interests include computer security and privacy, applied cryptography, programming languages, data mining and artificial Intelligence. Ph.D. Computer Science.
Associate Professor Apu Kapadia, is the Associate director of Cybersecurity Academic Programs. His research focuses on computer security and privacy issues in the context of social networks and wearable and sensor-enabled computing. Ph.D. Computer Science.
Assistant Professor, Hyungsub Kim's research focuses on system security with a focus on program analysis and formal methods to address security threats in robotic vehicles, including detecting and verifying patches for logic bugs and developing countermeasures against physical sensor attacks.
Assistant Professor, Thai Le earned his Ph.D. from Pennsylvania State University in 2022, his studies focused on Artificial Intelligence and Machine Learning, Natural Language Processing, Security and Privacy, and Security Informatics.
Assistant Professor, Chenhong Wang's research interests are related to system and software security, especially in developing and applying automated program analysis techniques for vulnerability discovery and security analysis in complex software systems (e.g., Linux kernel).
Assistant Professor, Hang Zhang's research interests are related to system and software security, especially in developing and applying automated program analysis techniques for vulnerability discovery and security analysis in complex software systems (e.g, Linux kernel).
Track guide
Required courses
All required courses provided by faculty in the Security track, including the I609 Advanced Seminar, are open to students with sufficient background from other tracks and programs.
A student must successfully complete ninety (90) credit hours of graduate-level course work. The specific track requirements are below.
I501: Introduction to Informatics
I502: Human-Centered Research Methods in Informatics (3 cr.)
INFO I520 Security for Networked Systems (3 cr.)
INFO I533 Systems and Protocol Security and Information Assurance (3 cr.)
INFO I609 Seminar I in Informatics (3 cr.)
INFO I709 Seminar II in Informatics (3 cr.)
NOTE: A student must take I609 and/or I709.
INFO I790 Informatics Research Rotation (3 cr.)
NOTE: A student must complete two rotations of I790. A third rotation will not count for course credit.
NOTE: These courses must be appropriate for a Ph.D. in Informatics.
NOTE: A student must complete an internal or external minor approved by the University Graduate School and the School. If a student selects an individualized minor, prior to taking courses, the University Graduate School must approve the proposed minor course list. There is no typical minor; however, students in the Security Informatics track have pursued minors in Computer Science, Psychology, Sociology, and Statistics.
NOTE: A student must have all electives approved by the student's advisor and the Director of Informatics Graduate Studies prior to enrolling in the course.
INFO I890 Thesis Readings and Research.
In addition to required courses, faculty in the track offer courses that provide more targeted training is specific areas.
INFO I521 Human Robot Interaction
INFO I525 Organizational Informatics and Economics of Security
INFO I536 Foundational Mathematics of Cybersecurity
INFO I537 Legal and Social Informatics of Security
INFO I538 Introduction to Cryptography
INFO I539 Cryptography Protocols
INFO I590 Past topics have included: Security and Privacy in the Internet of Things, Advanced Topics in Privacy, and Usable Security
Typical minors
Computer Science, Social Informatics, Psychology, Public Management, Complex Systems.
Qualifying exam
There are three components to the security qualifier for doctoral candidacy. There is a comprehensive written exam. There is production of independent research. There is an oral defense of that independent research.
The written exam is a 4-hour closed book exam. During the exam the student may not reference any material except what is stored in the student’s head. Students must turn-off and place on the desk any cellphones, or other digital devices. The exam is broken in to four sections. First, there are breadth questions related to security in general that all students should know. Second, there are questions related to specific security courses the students have taken that are most applicable to the student’s area of research, and therefore is expected to have more than basic knowledge. Third, there are questions from a course that is related to the student’s minor. Fourth, and most in-depth, questions relating to the students research area. The advisor usually writes these last questions. The student must pass each of the four sections in order to pass the exam. The student will not discuss the questions on this exam with anyone but faculty at any point during or after the exam. The student will write the student’s answers exam in IU blue-books. On two occasions due to disability concerns the students have been provided stripped-down computers without internet access for the exam.
The second component is demonstrated research progress in a written form. Often this will take the form of work that has either been accepted in a peer-reviewed event or is judged as equivalent quality by the student’s qualifying committee. In some domains, most obviously theory and cryptography, there is not a requirement for a publishable unit but rather proof of clear research ability and knowledge as illustrated by significant progress.
The oral exam is a presentation of that publication. It requires the student be able to defend his or her own, and illustrate mastery. Every stage of the research is subject to question.
Sample dissertation titles
Debin Liu (2011) Incentives, Behavior and Risk Management.
Vaibhav Garg (2012) Risk Perceptions of Security and Privacy Risks Online.
Chris Soghoian (2012) The Spies we Trust: Third Party Service Providers and Law Enforcement Surveillance.
Kehuan Zhang (2012). Security in Cloud Computing: New Challenges and Solutions.
Rui Wang (2013). Security and Privacy Hazards of Software-as-a-Service: Analyses and Mitigations over Distributed Functionalities.
Nathaniel Husted (2014). Analysis Techniques for Exploring Emergent Vulnerabilities and Attacks on Mobile Devices.
Shirin Nilizadeh (2014). Privacy-Aware Decentralized Architectures for Socially Networked Systems.
Timothy Kelley (2014). Systemic Effects of Human Factors in Information Security.
Zheng Dong (2015). Small Communities with Strong Ties (And, Or, Versus) Big Data in Detecting Masquerade Attacks.
Ready to start your journey at Luddy? Take the next step!
