People and Security
The human element of security is frequently called the "weakest link in the security chain", and there are many examples of security incidents where legitimate users are unable to comply with, or are otherwise duped into breaking, the security policy. Understanding the relationship between people and technology is a well-known issue; however, exploring the issues pertaining to people and security is crucial in achieving a system that is secure in practice.
Course dates
| 4th November 2013 | Oxford University Department of Computer Science | 09 places remaining. |
| 12th May 2014 | Oxford University Department of Computer Science | 11 places remaining. |
| 22nd September 2014 | Oxford University Department of Computer Science | 14 places remaining. |
Objectives
The successful participant will
- be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
- be able to choose and configure mechanisms for best performance in a given organisational context;
- be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.
Contents
- Usability Design Framework
  - Basic human-computer interaction principles; Systems, people, tasks and context
- Authentication
  - Types of authentication; Knowledge, token and biometric authentication mechanisms; Human issues with authentication
- Trust & Privacy
  - Security policies; Online trust and organisational trust; Privacy and consent
- Psychology of Attacks and Attackers
  - Insider attacks, opportunistic and premeditated attacks; Attack precursors; Targets; Deterrents
- Security Tasks and Workflow
  - Best practices; User interface design; Interaction design
Requirements
Participants should have a basic understanding of computer security to the level provided by the Security Principles course.