Programme/Approved Electives for 2024/25
None
Available as a Free Standing Elective
No
'Security measures cannot be effective if humans are neither willing nor able to use them' (The Cyber Security Body Of Knowledge, 2019). Since the early 2000s, there has been an increased appreciation of the role that human factors have in the underlying causes of security failures. Security measures are often not adopted because humans are treated as components whose behaviour can be specified through security policies, and controlled through security mechanisms and sanctions. Humans are often described as the 'weakest link' in a system, but security needs to be usable and acceptable to be effective. This module, based on the 'Human Factors Knowledge Area' of 'The Cyber Security Body Of Knowledge', aims to provide a foundational understanding of the role of human factors in cyber security. This will include an exploration of human strengths and weaknesses, the importance of user research and task analysis (both for security and primary/everyday tasks) and the design of well-fitting security tasks. It will also cover appropriate strategies and methods for raising security awareness, as well as behaviour change within an organisation through education and training, e.g. games and simulations. It will also highlight the importance of creating a positive security culture where individuals or groups are encouraged to become more involved in decision-making about security, and to be part of delivering it.
Aims
This module aims to provide a foundational understanding of the role of human factors in cyber security and how to design security that is usable and acceptable to a range of human actors. It also aims to introduce a broader organisational and societal perspective on security. This will include the importance of trust and collaboration for effective cyber security and how to engage stakeholders and negotiate security solutions that meet their needs. The content and terminology used are based on the 'Human Factors Knowledge Area' of 'The Cyber Security Body Of Knowledge'.
Intended Learning Outcomes
support the capabilities and limitations of target users and the devices they use;: 1,2
apply contextual inquiry to identify the primary tasks stakeholders are carrying out;: 1,2
design well-fitting security tasks that consider mental and physical workload;: 1,2
design effective approaches to support security awareness and behaviour change;: 1,2
develop methods to encourage a positive security culture.: 1,2
20 hours of interactive large group sessions;
10 hours of small group labs/tutorials;
30 hours of directed reading/viewing;
5 hours of participation in online asynchronous sessions; - active learning
70 hours of preparation for assessment 1 (Design of a set of well-fitting security tasks and Design of a security awareness, education and training campaign) in small teams;
5 hours of participation in cohort presentation sessions for assessment 1.
10 hours of preparation for assessment 2 (Individual Work Reflection Report)
Description of Module Assessment
1: Group Project weighted 80%
Design of a set of well-fitting security tasks and security awareness campaign
2: Coursework weighted 20%
Individual Work Reflection Report