COMPM061 - People and Security
This database contains 2016-17 versions of the syllabuses.
|Code||COMPM061 (Also taught as: COMPGA10)|
|Taught By||Angela Sasse (100%)|
|Aims||Students will be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts; know the strengths and weaknesses of particular security mechanisms in practice, and hence be able to choose and configure mechanisms for best performance in a given organisational context; and be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.|
|Learning Outcomes||Students will be able to apply their knowledge of human factors to computer security|
Introduction: The Human Factor in Security
Systemic approach to security design
Users, tasks and context
Why only usable security is effective security
Basic concepts from security and risk analysis
Authentication mechanisms and their usability issues
Improving KBA: personal entropy
Physical Biometrics: Finger, Iris, Face
Behavioural Biometrics: Voice, digital signature, gait, typing
User perception and acceptance of biometrics
Security tasks and business processes
Security as a supporting task
Deriving performance requirements from production tasks
Security mechanisms and context of use
Risk analysis and risk management
The AEGIS method
User education and training
Identifying user perceptions
Designing security training
Changing user perceptions and behaviour
User interfaces to security tools
Responsibility and communication
Designing security policies
Monitoring and compliance
Customer requirements for security
Attacks and Attackers
Surveillance and monitoring
Method of Instruction:
Lecture presentations and classroom-based coursework
The course has the following assessment components:
- Written Examination (2.5 hours, 90%)
- Coursework (10%)
To pass this course, students must:
- Achieve a mark of 50% or above when all sections are combined.
- Obtain a minimum mark of 40% in each component worth ≥ 30% of the module as a whole.
Lorrie Faith Cranor and Simson Garfinkel, 'Security and Usability: Designing Secure Systems that People Can Use', 2005.
Bruce Schneier, 'Beyond Fear - Thinking Sensibly About Security in an Uncertain World', 2005.