Credits: 5 EC
Motivation: Cybersecurity attacks on organizations and services increasingly target the people who are involved, such as employees in companies or home computer users. Solutions to address this problem need to be feasible for individuals, alongside other user priorities (such as completing paid work). Without consideration of user skills or needs, solutions such as security training or browser warning pop-ups add effort and burden to the user, and encourage less secure behaviours as workarounds (such as writing down difficult-to-remember passwords to ensure system access).
Synopsis and overview of Contents: In this course, students will learn about the user perspective of security technologies. The course draws on key human factors concepts around security usability and its connections to decisions in policy, planning, and technology investment. It covers how to assess a security solution from the perspective of different kinds of technology users and their tasks. By assessing the strengths and weaknesses of particular security mechanisms for users in practice (policies, training, monitoring, etc.), security implementation and management decisions can be made which better fit the context in which mechanisms are used. This can ensure long-term security which better matches the requirements of a particular user organisation or community.
The format will include structured lectures, background reading, and problem-driven group discussions.
Learning Outcomes: The student will:
- Gain a sound understanding of security usability as a discipline, from assessing the context of use alongside primary tasks, to identifying the time and effort costs to users.
- Obtain foundational skills in matching security technologies and processes to user abilities, motivations, and perceptions of security-related technologies. This will include examination of authentication and identity technologies, employee security training, trust in online contexts, privacy-related evaluations of personal data disclosure, etc.
- Gain insights into the design of effective security technologies and their deployment from a human-centred perspective, to inform interface and policy design and ensure compliance with security expectations. This will include management of security behaviour change activities, and identifying how to position expert support to aid users, e.g., effective communication of policy, use of persuasive design in security.
Lecturers: Dr. Simon Parkin (TUD)
Examination: Individual assignment on assigned reading material (20%); final individual assignment in the form of an essay (80%)
Core text: Various papers from the literature.