COMP0056 People and Security

This database contains the 2018-19 versions of syllabuses. These are still being finalised and changes may occur before the start of the session.

Academic session: 2018-19
Module: People and Security
Code: COMP0056
Module delivery: 1819/A7P/T1/COMP0056 Postgraduate
Related deliveries: 1819/A7U/T1/COMP0056 Masters (MEng)
Prior deliveries: COMPGA10
Level: Postgraduate
FHEQ Level: L7
FHEQ credits: 15
Term/s: Term 1
Module leader: Parkin, Simon
Contributors: Parkin, Simon
Module administrator: Bottomley, Samantha

Aims

  • Students will be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • Students will know the strengths and weaknesses of particular security mechanisms in practice, and hence be able to choose and configure mechanisms for best performance in a given organisational context; and
  • Students will be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.

Learning outcomes

On successful completion of the module, a student will be able to:

  1. Apply their knowledge of human factors and behavioural economics to specify and implement workable and effective security solutions, and manage security behaviour.

Availability and prerequisites

This module delivery is available for selection on the below-listed programmes. The relevant programme structure will specify whether the module is core, optional, or elective.

In order to be eligible to select this module as optional or elective, where available, students must meet all prerequisite conditions to the satisfaction of the module leader. Places for students taking the module as optional or elective are limited and will be allocated according to the department’s module selection policy.

Programmes on which available:

  • MSc Financial Systems Engineering
  • MSc Information Security
  • MSc Information Security (Part time) (Year 1)
  • MSc Information Security (Part time) (Year 2)
  • MSc Software Systems Engineering
  • MSc Crime and Forensic Science

Prerequisites:

In order to be eligible to select this module, students must have knowledge of basic information security principles and essay-writing skills.

Students not enrolled on MSc Information Security must attend an interview with the Module Leader.

Content

Understanding Human Behaviour in Security

  • Systems thinking and design
  • Usability: Users, tasks and context
  • Performance and Workload
  • Productivity and performance vs risk and security

Economics

  • Humans and Risk
  • Risk Biases and Decision-making
  • Friction and the Compliance Budget

Authentication

  • Authentication tasks: enrolment, verification, recovery
  • Knowledge-based authentication: passwords, passphrases, PINs, graphical authentication
  • Token-based authentication
  • Biometric authentication: physical and behavioural
  • Continuous authentication via devices, sensors, and biometrics
  • Payment systems and transaction authentication

Access control

  • Different access control models, organisational impact and user workload

Attacks and attackers (and how to counter them)

  • Types of attacks: guessing, observation, capture and coercion
  • Types of attackers: motivation, resources, risk propensity
  • Social engineering attacks
  • Insider attacks

Identity

  • Online identity vs identity in the physical world
  • National identity vs socially constructed systems
  • Digital footprints, shadows and superidentities
  • Identity as currency

Privacy

  • Data protection and user perception
  • Delivering privacy: Privacy by Design, the PST model
  • Surveillance, dataveillance and sousveillance online and in the physical world (CCTV)

Trust

  • Model of trust in online interaction
  • Game theory: incentivising trustworthy behaviour
  • Reputation systems and their application in online systems

Influencing user behaviour

  • Security awareness, education and training
  • User interface design and influencing techniques
  • Values, attitudes, security culture and security behaviour
  • Responsibility and communication

An indicative reading list is available via http://readinglists.ucl.ac.uk/departments/comps_eng.html.

Delivery

The module is delivered through a combination of lectures, guest lectures, problem-based learning sessions, and non-assessed written exercises.

Assessment

This module delivery is assessed as below:

#   Title                                Weight (%)   Notes
1   Written examination (2hrs 30mins)    75
2   Coursework                           25

In order to pass this module delivery, students must achieve an overall weighted module mark of 50%.