CS426 - Human Centred Security
Credits | 20 |
Level | 4 |
Semester | Semester 2 |
Availability | Optional for BSc Hons Computer Science, MEng Computer Science and BSc Hons Software Engineering |
Prerequisites | None |
Learning Activities Breakdown | Lectures: 10 at 2 hours each (total 20 hours); Practical / Lab: 10 at 1 hour each (total 10 hours); Homework / Private Study: 170 hours; Total hours activity: 200 hours |
Assessment | Group assignment based on L Obj 1, 2, 4 & 5. Weighting: 40%. Deadline: Week 6. Students write a two-page executive summary to brief their manager about a given topic (a list of possible topics will be provided). Project / Case Study based on L Obj 3 & 6. Weighting: 60%. Deadline: Week 10. Given three cyber security scenarios, students choose one, then design an intervention to improve the user-system interface and user uptake of the security software or “soft” intervention, and explain how this would help people resist social engineering attacks. |
Lecturer | Karen Renaud |
Aims and Objectives
L Obj 1 : To understand the fundamental concepts of cyber security, with an emphasis on the human side of cyber security
L Obj 2 : To understand the influences on human decision making and how human behaviour can be changed, including the use of nudges
L Obj 3 : To be able to design an evidence-based intervention which improves the user’s interaction with a security solution
L Obj 4 : To be able to write information security policies that accommodate the needs of humans
L Obj 5 : To gain an appreciation of the entire socio-technical system within which users interact with security systems
L Obj 6 : To gain an appreciation of a range of social engineering techniques, and ways of ameliorating these
Learning Outcomes
This class will strengthen the security offering by making students more aware of human-centred security design.
Syllabus
1. What is human-centred security? This will review the information provided by CS407 in greater detail.
2. The human as solution in the cyber domain. This will discuss a systemic approach to cyber security – looking at social and organizational influences, and ways in which organizations can make the individual part of the solution rather than “the problem”.
3. Usable and Accessible Authentication. Various alternative authentication mechanisms will be presented, together with their pros and cons, as well as the principles of accessible authentication. This part also covers an ontology of password best practice and age-appropriate ontologies.
4. Privacy: why privacy is so hard to get people to care about, the privacy paradox, how to help people to articulate their privacy rights. How we can teach children about their privacy rights. The ubiquity of IoT devices and their impact on privacy.
5. Human Decision Making and Behaviour Change. People do not simply change their behaviour because they are told to. It is a process. This part of the course will present the various steps people take from action to inaction and the factors that encourage and deter change.
6. Nudging to effect behaviour change, the use of fear appeals, the use of negative emotions in organizations.
7. Security culture and social science approach to organizational cyber security.
8. Social Engineering Attacks – specifically a range of interventions that can be used to make users more resilient to these. This will include phishing, vishing, smishing, popups and various other ways that hackers use to deceive.
9. Country-Level Cyber Security Strategies, including Cyber Diplomacy, cyber security strategy policies and responsibilization of citizens.
10. Contemplating cyber security “process” in organisations, including the role of information security policies, considering how to write them, and how to support employees rather than coerce them.
Recommended Reading
This list is indicative only – the class lecturer may recommend alternative reading material. Please do not purchase any of the reading material listed below until you have confirmed with the class lecturer that it will be used for this class.
Secrets and Lies: Digital Security in a Networked World by Bruce Schneier (2004). This is not a core text and is available in the University Library.
Last updated: 2023-03-13 17:33:53