University of Oxford: Software Engineering

People and Security

The human element of security is frequently called the "weakest link in the security chain", and there are many examples of security incidents where legitimate users are unable to comply with the security policy, or are otherwise duped into breaking it. Understanding the relationship between people and technology is a well-known issue; however, exploring the issues pertaining to people and security is crucial to achieving a system that is secure in practice.

Course dates

  • 22nd September 2014, Oxford University Department of Computer Science, 06 places remaining.
  • 13th April 2015, Oxford University Department of Computer Science, 10 places remaining.
  • 21st September 2015, Oxford University Department of Computer Science, 17 places remaining.

Objectives

The successful participant will

  • be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • be able to choose and configure mechanisms for best performance in a given organisational context;
  • be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.

Contents

Usability Design Framework
Basic human-computer interaction principles; Systems, people, tasks and context;
Authentication
Types of authentication; Knowledge, token and biometric authentication mechanisms; Human issues with authentication;
Trust & Privacy
Security policies; Online trust and organisational trust; Privacy and consent;
Psychology of Attacks and Attackers
Insider attacks, opportunistic and premeditated attacks; Attack precursors; Targets; Deterrents;
Security Tasks and Workflow
Best practices; User interface design; Interaction design;

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course.