University of Oxford - Software Engineering

People and Security

People are frequently called the "weakest link in the security chain". Many examples of security incidents involve legitimate users, administrators and developers being unable to comply with, or otherwise being duped into breaking, the security policy. This course will explore security from a socio-technical and human-computer interaction perspective. The aim is to better understand people and their contexts, in order to develop systems which are more secure in practice.

Course dates

  • 1st November 2021: Oxford University Department of Computer Science - online one week 9-5 course; 05 places remaining.
  • 28th March 2022: Oxford University Department of Computer Science - Held in the Department; 0 places remaining.
  • 10th October 2022: Oxford University Department of Computer Science; 12 places remaining.
  • 17th April 2023: Oxford University Department of Computer Science; 11 places remaining.

Objectives

The successful participant will:

  • be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that an organisation needs to implement to ensure long-term security in practice;
  • understand the impact of security measures on different kinds of users and contexts;
  • understand the role of risk perception, incentives, and regulation in security-related decision-making;
  • be able to develop appropriate strategies against attacks on information systems which exploit human error.

Contents

  • Usability and HCI: HCI principles; Systems, people, tasks and context; usability evaluation
  • Authentication and Identity: Types of authentication and trade-offs; Identity and attribute-based credentials
  • Security in context: Personas; Equity and justice; Developers as users
  • Economics and Politics of Security: Decision-making, risks and costs; Compliance budget; Regulation
  • Attacks and Nudges: Phishing; Scams; Dark patterns; Warnings; Advice

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course.