University of Oxford Software Engineering

People and Security

People are frequently called the "weakest link in the security chain". Many examples of security incidents involve legitimate users, administrators and developers being unable to comply with the security policy, or being duped into breaking it. This course will explore security from a socio-technical and human-computer interaction perspective. The aim is to better understand people and their contexts, in order to develop systems which are more secure in practice.

Course dates

Future courses yet to be planned.

Objectives

The successful participant will:

  • be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;
  • be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that an organisation needs to implement to ensure long-term security in practice;
  • understand the impact of security measures on different kinds of users and contexts;
  • understand the role of risk perception, incentives, and regulation in security-related decision-making;
  • be able to develop appropriate strategies against attacks on information systems which exploit human error.

Contents

  • Usability and HCI: HCI principles; Systems, people, tasks and context; usability evaluation
  • Authentication and Identity: Types of authentication and trade-offs; Identity and attribute-based credentials
  • Security in context: Personas; Equity and justice; Developers as users
  • Economics and Politics of Security: Decision-making, risks and costs; Compliance budget; Regulation
  • Attacks and Nudges: Phishing; Scams; Dark patterns; Warnings; Advice

Requirements

Participants should have a basic understanding of computer security to the level provided by the Security Principles course.