University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Follow us on twitter
Linked in
Linked in
Google plus
Google plus
Stumble Upon
Stumble Upon

People and Security

The human element of security is frequently called the "weakest link in the security chain", and there are many examples of security incidents where legitimate users are unable to comply with, or otherwise duped into breaking the security policy. Understanding the relationship between people and technology is a well-known issue, however exploring the issues pertaining to people and security is crucial in achieving a system that is secure in practice.

Course dates

11th April 2016Oxford University Department of Computer Science03 places remaining.
19th September 2016Oxford University Department of Computer Science08 places remaining.
27th March 2017Oxford University Department of Computer Science14 places remaining.


The successful participant will

  • be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • be able to chose and configure mechanisms for best performance in a given organisational context;
  • be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.


Usability Design Framework
Basic human-computer interaction principles; Systems, people, tasks and context;
Types of authentication; Knowledge, token and biometric authentication mechanisms; Human issues with authentication;
Trust & Privacy
Security policies; Online trust and organisational trust; Privacy and consent;
Psychology of Attacks and Attackers
Insider attacks, opportunistic and premeditated attacks; Attack precursors; Targets; Deterrents;
Security Tasks and Workflow
Best practices; User interface design; Interaction design;


Participants should have a basic understanding of computer security to the level provided by the Security Principles course.