University of Oxford: Software Engineering

People and Security

The human element of security is frequently called the "weakest link in the security chain", and there are many examples of security incidents where legitimate users are unable to comply with, or are otherwise duped into breaking, the security policy. Understanding the relationship between people and technology is a well-known issue; however, exploring the issues pertaining to people and security is crucial to achieving a system that is secure in practice.

Course dates

12th May 2014, Oxford University Department of Computer Science, 03 places remaining.
22nd September 2014, Oxford University Department of Computer Science, 10 places remaining.
13th April 2015, Oxford University Department of Computer Science, 16 places remaining.

Objectives

The successful participant will

  • be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • be able to choose and configure mechanisms for best performance in a given organisational context;
  • be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.

Contents

Usability Design Framework
Basic human-computer interaction principles; Systems, people, tasks and context;
Authentication
Types of authentication; Knowledge, token and biometric authentication mechanisms; Human issues with authentication;
Trust & Privacy
Security policies; Online trust and organisational trust; Privacy and consent;
Psychology of Attacks and Attackers
Insider attacks, opportunistic and premeditated attacks; Attack precursors; Targets; Deterrents;
Security Tasks and Workflow
Best practices; User interface design; Interaction design;

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course.